  1. JDK
  2. JDK-5016517

Replace plaintext passwords by hashed passwords for out-of-the-box JMX Agent

    Details

    • Type: Enhancement
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 5.0, 9, 10
    • Fix Version/s: 10
    • Component/s: core-svc

      Description


      Name: mc120937 Date: 03/18/2004


      Currently, user/password are stored in cleartext in jmxremote.password
      file. jmxremote.password file must be read-only by owner only.

      Hashing the password is a good refinement scheme and will
      also allow sharing of a password file by multiple users
      of a group.

      --------------------------------------
      Vincent Ryan wrote:

      Here are some details on the password hashing mechanism
      that's used in the prototype:

         http://developer.netscape.com/docs/technote/ldap/pass_sha.html

      The Salted Secure Hash Algorithm (SSHA) mechanism is the default password
      storage mechanism used in our LDAP Directory Server product today:

         http://docs.sun.com/source/816-6700-10/aci.html#14932

      The one-way hash protects against password disclosure, the salt protects
      against pre-computed-hash dictionary attacks.

      ------------------------

      Changes included:
      * Replace plaintext passwords by hashed passwords

      ======================================================================

              People

              • Assignee: Harsha Wardhana B (hb)
              • Reporter: Mandy Chung (mchung)
              • Votes: 0
              • Watchers: 6