Bug 1021309

Summary: Password should not be in cleartext
Product: [JBoss] JBoss Fuse Service Works 6 Reporter: Catherine Robson <crobson>
Component: ExamplesAssignee: Gary Brown <gbrown>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Pechanec <jpechane>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.0.0 GACC: ldimaggi, soa-p-jira
Target Milestone: ER7   
Target Release: 6.0.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Catherine Robson 2013-10-21 03:27:06 UTC 
Description of problem:
In the ActivityClient quickstart POM file, the password is currently shown in cleartext.  Is this the case in other quickstarts too?

Expected solution:
Passwords should be hashed and the password should be stored in the keystore.  

Justification:
As noted from field engineers, even the use of cleartext passwords only in the quickstarts would result in a failed security audit for many of our customers.
Comment 2 kconner 2013-10-31 00:24:36 UTC 
Gary, can you take a look at the RTGov quickstarts and then assign back to me?
Comment 3 Gary Brown 2013-11-04 17:23:54 UTC 
Only the ActivityClient sample required a username/password - the user is now prompted to enter this information, so is no longer stored.
Comment 4 Jiri Pechanec 2013-12-13 07:51:07 UTC 
Verified in ER7
Comment 5 JBoss JIRA Server 2014-07-02 09:18:45 UTC 
Gary Brown <gary> updated the status of jira RTGOV-310 to Closed