GSIP 63 Encrypt Plaintext Passwords
Support digest and encrypted passwords for users and datastore credentials.
This proposal has been superseded by [GSIP 71 - New Security Subsystem].
[Ian Schneider]
TBD. 2.1.x or later.
Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred
User and datastore passwords are currently stored in plaintext. This is an obvious security hazard.
There are two basic components of this proposal:
- Support digest storage of user passwords. This implies non-recoverable passwords for users but provides higher security than recoverable passwords.
- Support encrypted passwords for datastore credentials. These passwords must be decryptable to allow plaintext transmission to authentication systems. A master password is used to encrypt these.
Additional features include:
- Opt-in only. To enable the system, a configuration property must be set.
- Configurable digest and encryption algorithms and JCE security provider.
- Default provider and SPI for custom provider.
- JMX bean supports changing master password.
- User docs!
Other Notes:
- Currently using the Jasypt library. This provides a nice JCE wrapper and integrates with spring security.
- Patch currently has tests that all pass. Additional manual tests run to ensure behavior.
- Should pave the way for integration with GSIP 53 - [http://geoserver.org/display/GEOS/GSIP+53+Geoserver+security+improvement]
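The split between the two components above, as an added example that is not GeoServer's patch or its Jasypt-based code: it uses plain JCE calls, with PBKDF2 as the non-recoverable digest for user passwords and AES-GCM under a key derived from the master password for datastore credentials. The class name, algorithm choices, iteration count and sample passwords are assumptions chosen for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class PasswordStorageDemo {
    static final SecureRandom RNG = new SecureRandom();
    static final int ITERATIONS = 210_000; // assumed work factor, tune per deployment

    // PBKDF2 output for a password and salt; serves as the digest and as the key derivation.
    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static byte[] randomBytes(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    // User passwords: only salt + digest are stored; the plaintext cannot be recovered.
    static String digestUserPassword(char[] password) throws Exception {
        byte[] salt = randomBytes(16);
        Base64.Encoder e = Base64.getEncoder();
        return e.encodeToString(salt) + ":" + e.encodeToString(pbkdf2(password, salt));
    }
    // Recompute the digest with the stored salt and compare in constant time.
    static boolean checkUserPassword(char[] candidate, String stored) throws Exception {
        String[] parts = stored.split(":");
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        return MessageDigest.isEqual(Base64.getDecoder().decode(parts[1]), pbkdf2(candidate, salt));
    }

    // Datastore credentials: reversible AES-GCM; salt and IV are stored beside the ciphertext.
    static byte[] crypt(int mode, char[] master, byte[] salt, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(pbkdf2(master, salt), "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        String stored = digestUserPassword("s3cret".toCharArray()); // constructed sample values
        System.out.println("user ok:  " + checkUserPassword("s3cret".toCharArray(), stored));
        System.out.println("user bad: " + checkUserPassword("guess".toCharArray(), stored));
        char[] master = "master-password".toCharArray();
        byte[] salt = randomBytes(16), iv = randomBytes(12); // fresh IV for every encryption
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, master, salt, iv, "db-pass".getBytes(StandardCharsets.UTF_8));
        byte[] pt = crypt(Cipher.DECRYPT_MODE, master, salt, iv, ct);
        System.out.println("datastore: " + new String(pt, StandardCharsets.UTF_8));
    }
}
```

Changing the master password in this scheme means decrypting every stored datastore credential with the old key and re-encrypting it with the new one, while stored user digests are unaffected.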
Question:
Given default behavior is disabled (unit tests all work with enabled), the unit tests that touch the security layer should all be run in both modes - disabled and enabled. Support for this is in the current patch, but I don’t like the way it is implemented. Any other good approaches to achieving this?
This section should contain feedback provided by PSC members who may have a problem with the proposal.
No backwards compatibility issues as the functionality is disabled by default. Once enabled, the digestion of passwords is not reversible. Encrypted datastore passwords are recoverable, but no support is provided to assist the end user in recovery (by design).
- Andrea Aime: +1
- Alessio Fabiani:
- Ben Caradoc Davies: +1
- Gabriel Roldan:
- Justin Deoliveira: +1
- Jody Garnett: +1
- Mark Leslie: +1
- Simone Giannecchini:
http://jira.codehaus.org/browse/GEOS-4702
[http://osgeo-org.1803224.n2.nabble.com/plaintext-password-storage-td6665497.html]