Bug 1021309 - Password should not be in cleartext
Summary: Password should not be in cleartext
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Examples
Version: 6.0.0 GA
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ER7
: 6.0.0
Assignee: Gary Brown
QA Contact: Jiri Pechanec
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-10-21 03:27 UTC by Catherine Robson
Modified: 2014-07-02 09:18 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RTGOV-310 0 Major Closed ActivityClient sample should prompt for username and password 2017-01-05 20:47:05 UTC

Description Catherine Robson 2013-10-21 03:27:06 UTC 
Description of problem:
In the ActivityClient quickstart POM file, the password is currently shown in cleartext.  Is this the case in other quickstarts too?

Expected solution:
Passwords should be hashed and the password should be stored in the keystore.  

Justification:
As noted from field engineers, even the use of cleartext passwords only in the quickstarts would result in a failed security audit for many of our customers.
Comment 2 kconner 2013-10-31 00:24:36 UTC 
Gary, can you take a look at the RTGov quickstarts and then assign back to me?
Comment 3 Gary Brown 2013-11-04 17:23:54 UTC 
Only the ActivityClient sample required a username/password - the user is now prompted to enter this information, so is no longer stored.
Comment 4 Jiri Pechanec 2013-12-13 07:51:07 UTC 
Verified in ER7
Comment 5 JBoss JIRA Server 2014-07-02 09:18:45 UTC 
Gary Brown <gary> updated the status of jira RTGOV-310 to Closed
Note You need to log in before you can comment on or make changes to this bug.