  1. VYSPER
  2. VYSPER-267

password for an entity is stored in clear text


    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      Password storage is in clear text. If there was a compromise, there would be a clear text map of entities:password ... for example, in the org.apache.vysper.xmpp.server.ServerMain class:

      accountManagement.addUser("user1@vysper.org", "password1");

      Tracing the addUser method, the "password" is never encrypted for storage.

            People

            • Assignee:
              Unassigned
              Reporter:
              sdolgy Sasha Dolgy
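Added example, not part of the original issue and not Vysper code: one way an account store can avoid keeping the entity:password map the description warns about, by storing a per-user random salt and a PBKDF2 hash and verifying logins against that. The class name `HashedAccountStore`, its method signatures and the iteration count are assumptions made for illustration (Java 16+ for the record type).

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical store, not a Vysper class: keeps salt + PBKDF2 hash, never the password.
public class HashedAccountStore {
    private static final int ITERATIONS = 600_000; // assumed work factor; tune to your hardware
    private static final int SALT_BYTES = 16;
    private static final int KEY_BITS = 256;
    private record Credential(byte[] salt, int iterations, byte[] hash) {}

    private final Map<String, Credential> accounts = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    private static byte[] derive(char[] pw, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // drop the spec's internal copy of the password
        }
    }

    public void addUser(String entity, char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        random.nextBytes(salt); // fresh salt per user, so equal passwords hash differently
        accounts.put(entity, new Credential(salt, ITERATIONS, derive(password, salt, ITERATIONS)));
        Arrays.fill(password, '\0'); // wipe the caller's copy once it is hashed
    }

    public boolean verify(String entity, char[] password) throws GeneralSecurityException {
        Credential c = accounts.get(entity);
        if (c == null) return false;
        byte[] candidate = derive(password, c.salt(), c.iterations());
        return MessageDigest.isEqual(candidate, c.hash()); // constant-time comparison
    }

    public static void main(String[] args) throws GeneralSecurityException {
        HashedAccountStore store = new HashedAccountStore();
        store.addUser("user1@vysper.org", "password1".toCharArray()); // sample account from the issue
        System.out.println(store.verify("user1@vysper.org", "password1".toCharArray()));
        System.out.println(store.verify("user1@vysper.org", "wrong".toCharArray()));
    }
}
```

A one-way hash like this only supports login mechanisms where the server receives the password itself, such as SASL PLAIN over TLS; challenge-response mechanisms need a mechanism-specific stored verifier instead.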