[VYSPER-267] password for an entity is stored in clear text - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- password

Description

password storage is in clear text. if there was a compromise, there would be a clear text map of entities:password ... for example, in the org.apache.vysper.xmpp.server.ServerMain class:

accountManagement.addUser("user1@vysper.org", "password1");

Tracing the addUser method the "password" is never encrypted for storage.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Sasha Dolgy

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 18/Feb/11 15:59

Updated:: 18/Feb/11 15:59