Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-292

org.jboss.security.plugins.FilePassword requires write permission for decoding

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • JBossSecurity_2.0.4.SP5, PicketBox_v4_0_alpha3
    • 2.0.1.GA, 2.0.2-BETA, 2.0.1-BETA1, 2.0.1-BETA2, 2.0.2-BETA3, 2.0.2-BETA4, 2.0.2-BETA5, 2.0.2-BETA6, 2.0.2.Beta7, JBossSecurity_2.0.2.CR1, 2.0.2.CR2, 2.0.2.CR3, 2.0.2.CR4, 2.0.2.CR5, 2.0.2.CR6, 2.0.2.CR7, 2.0.2.CR8
    • None
    • None

    • JBoss AS 4.2.3.GA

      We use org.jboss.security.plugins.FilePassword to avoid storing passwords in clear text. Once created, we'd like to change the file's permission to read-only for regular users in order to ensure that only trusted users can update it.

      However, this won't work as the class FilePassword always requires write permission even for decoding the password. The class should be modified so that write permission is only required when create / update the password file.

        1. SECURITY-292.patch
          0.6 kB

              mmoyses Marcus Moyses (Inactive)
              alllle_jira Alan Feng (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: