Bug 1021309 - Password should not be in cleartext
Password should not be in cleartext
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Examples (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity urgent
: ER7
: 6.0.0
Assigned To: Gary Brown
Jiri Pechanec
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-20 23:27 EDT by Catherine Robson
Modified: 2014-07-02 05:18 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker RTGOV-310 Major Closed ActivityClient sample should prompt for username and password 2017-01-05 15:47 EST

  None (edit)
Description Catherine Robson 2013-10-20 23:27:06 EDT
Description of problem:
In the ActivityClient quickstart POM file, the password is currently shown in cleartext.  Is this the case in other quickstarts too?

Expected solution:
Passwords should be hashed and the password should be stored in the keystore.  

Justification:
As noted from field engineers, even the use of cleartext passwords only in the quickstarts would result in a failed security audit for many of our customers.
Comment 2 kconner 2013-10-30 20:24:36 EDT
Gary, can you take a look at the RTGov quickstarts and then assign back to me?
Comment 3 Gary Brown 2013-11-04 12:23:54 EST
Only the ActivityClient sample required a username/password - the user is now prompted to enter this information, so is no longer stored.
Comment 4 Jiri Pechanec 2013-12-13 02:51:07 EST
Verified in ER7
Comment 5 JBoss JIRA Server 2014-07-02 05:18:45 EDT
Gary Brown <gary@brownuk.com> updated the status of jira RTGOV-310 to Closed

Note You need to log in before you can comment on or make changes to this bug.