Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-292

org.jboss.security.plugins.FilePassword requires write permission for decoding

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • JBossSecurity_2.0.4.SP5, PicketBox_v4_0_alpha3
    • 2.0.1.GA, 2.0.2-BETA, 2.0.1-BETA1, 2.0.1-BETA2, 2.0.2-BETA3, 2.0.2-BETA4, 2.0.2-BETA5, 2.0.2-BETA6, 2.0.2.Beta7, JBossSecurity_2.0.2.CR1, 2.0.2.CR2, 2.0.2.CR3, 2.0.2.CR4, 2.0.2.CR5, 2.0.2.CR6, 2.0.2.CR7, 2.0.2.CR8
    • None
    • None

      We use org.jboss.security.plugins.FilePassword to avoid storing passwords in clear text. Once created, we'd like to change the file's permission to read-only for regular users in order to ensure that only trusted users can update it.

      However, this won't work as the class FilePassword always requires write permission even for decoding the password. The class should be modified so that write permission is only required when create / update the password file.

        1. SECURITY-292.patch
          0.6 kB

            mmoyses Marcus Moyses (Inactive)
            alllle_jira Alan Feng (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: