In SJSAS 7 and SJSAS 8, the resources password are stored in server.xml in clear text.
Some Sun Customers desire this feature to avoid critical security problems.
Have any feature submission that request those passwords are stored ciphered?
In SJSAS 8.x and going forward, one may replace passwords stored in domain.xml, with password alias values. Password aliases are recognized by a particular syntax.
When an alias value is used, the related passwords are acquired from an appserver keystore (where they are kept in encrypted form)
The appserver dereferences the passwords from the keystore when it needs them.
the admin commands: create-password-alias, list-password-aliases, delete-password-alias are provided to configure the appserver's keystore.
see the section titled "Managing Security of Passwords" in
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Participation.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.