Resource Passwords

ozielneto
Joined: 2005-07-25

In SJSAS 7 and SJSAS 8, the resource passwords are stored in server.xml in clear text.

Some Sun Customers desire this feature to avoid critical security problems.

Is there any feature submission requesting that those passwords be stored ciphered?

monzillo
Joined: 2004-05-08

In SJSAS 8.x and going forward, one may replace passwords stored in domain.xml with password alias values. Password aliases are recognized by a particular syntax.

${alias=keyalias}

When an alias value is used, the related passwords are acquired from an appserver keystore (where they are kept in encrypted form).

The appserver dereferences the passwords from the keystore when it needs them.

The admin commands create-password-alias, list-password-aliases, and delete-password-alias are provided to configure the appserver's keystore.

See the section titled "Managing Security of Passwords" in
http://docs.sun.com/source/819-0076/security.html#wp1195766

Ron
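
An added example, not part of the original thread or of the appserver's own tooling: a small audit that walks a domain.xml-style file and reports every password value that is not an alias reference in the syntax given above. The sample document, its element names, and the case-insensitive match on `alias` are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Alias reference in the form shown in the reply: ${alias=keyalias}
# Assumption: the keyword is matched case-insensitively here.
ALIAS_RE = re.compile(r"^\$\{alias=[^}]+\}$", re.IGNORECASE)

# Constructed sample (not a real domain.xml); <example-resource> is hypothetical.
SAMPLE_DOMAIN_XML = """
<domain>
  <resources>
    <jdbc-connection-pool name="OrdersPool">
      <property name="User" value="orders"/>
      <property name="Password" value="s3cret"/>
    </jdbc-connection-pool>
    <jdbc-connection-pool name="BillingPool">
      <property name="User" value="billing"/>
      <property name="Password" value="${alias=billing-db}"/>
    </jdbc-connection-pool>
    <example-resource password="${alias=mail-ops"/>
  </resources>
</domain>
"""

def find_cleartext_passwords(xml_text):
    """Return (location, key) for each password value that is not a well-formed alias."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent = {child: p for p in root.iter() for child in p}
    findings = []
    for elem in root.iter():
        if elem.tag == "property":
            # <property name="...password..." value="..."/> under a resource
            if "password" not in elem.get("name", "").lower():
                continue
            owner = parent.get(elem)
            where = f"{owner.tag}[{owner.get('name', '?')}]" if owner is not None else "property"
            pairs = [(elem.get("name"), elem.get("value", ""))]
        else:
            # Any attribute whose own name contains "password"
            where = elem.tag
            pairs = [(k, v) for k, v in elem.attrib.items() if "password" in k.lower()]
        for key, value in pairs:
            if value and not ALIAS_RE.match(value.strip()):
                findings.append((where, key))
    return findings

if __name__ == "__main__":
    for where, key in find_cleartext_passwords(SAMPLE_DOMAIN_XML):
        print(f"not an alias reference: {where} {key}")
```

An alias reference with a missing closing brace is reported as well, since it would be treated as a literal value rather than looked up in the keystore.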