Bug 1021309 - Password should not be in cleartext
Password should not be in cleartext
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Examples (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity urgent
: ER7
: 6.0.0
Assigned To: Gary Brown
Jiri Pechanec
Depends On:
  Show dependency treegraph
Reported: 2013-10-20 23:27 EDT by Catherine Robson
Modified: 2014-07-02 05:18 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker RTGOV-310 Major Closed ActivityClient sample should prompt for username and password 2017-01-05 15:47 EST

  None (edit)
Description Catherine Robson 2013-10-20 23:27:06 EDT
Description of problem:
In the ActivityClient quickstart POM file, the password is currently shown in cleartext.  Is this the case in other quickstarts too?

Expected solution:
Passwords should be hashed and the password should be stored in the keystore.  

As noted from field engineers, even the use of cleartext passwords only in the quickstarts would result in a failed security audit for many of our customers.
Comment 2 kconner 2013-10-30 20:24:36 EDT
Gary, can you take a look at the RTGov quickstarts and then assign back to me?
Comment 3 Gary Brown 2013-11-04 12:23:54 EST
Only the ActivityClient sample required a username/password - the user is now prompted to enter this information, so is no longer stored.
Comment 4 Jiri Pechanec 2013-12-13 02:51:07 EST
Verified in ER7
Comment 5 JBoss JIRA Server 2014-07-02 05:18:45 EDT
Gary Brown <gary@brownuk.com> updated the status of jira RTGOV-310 to Closed

Note You need to log in before you can comment on or make changes to this bug.