<s:password label="%{text('password')}" name="password" size="10" maxlength="15" />
+ Password is set as a system property. + The password is prompted for and read from standard input + A program is run to get the password.Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated by run org.mortbay.util.Password as a main class. Obfuscated password are required if a system needs to recover the full password (eg. so that it may be passed to another system). They are not secure, but prevent casual observation.
Passwords that begin with CRYPT: are oneway encrypted with UnixCrypt. The real password cannot be retrieved, but comparisons can be made to other passwords. A Crypt can be generated by running org.mortbay.util.UnixCrypt as a main class, passing password and then the username. Checksum passwords are a secure(ish) way to store passwords that only need to be checked rather than recovered. Note that it is not strong security - specially if simple passwords are used. @version $Id: Password.java,v 1.13 2005/08/13 00:01:28 gregwilkins Exp $ @author Greg Wilkins (gregw)
+ Password is set as a system property. + The password is prompted for and read from standard input + A program is run to get the password.Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated by run org.eclipse.util.Password as a main class. Obfuscated password are required if a system needs to recover the full password (eg. so that it may be passed to another system). They are not secure, but prevent casual observation.
Passwords that begin with CRYPT: are oneway encrypted with UnixCrypt. The real password cannot be retrieved, but comparisons can be made to other passwords. A Crypt can be generated by running org.eclipse.util.UnixCrypt as a main class, passing password and then the username. Checksum passwords are a secure(ish) way to store passwords that only need to be checked rather than recovered. Note that it is not strong security - specially if simple passwords are used.
+ Password is set as a system property. + The password is prompted for and read from standard input + A program is run to get the password.Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated by run org.openqa.jetty.util.Password as a main class. Obfuscated password are required if a system needs to recover the full password (eg. so that it may be passed to another system). They are not secure, but prevent casual observation.
Passwords that begin with CRYPT: are oneway encrypted with UnixCrypt. The real password cannot be retrieved, but comparisons can be made to other passwords. A Crypt can be generated by running org.openqa.jetty.util.UnixCrypt as a main class, passing password and then the username. Checksum passwords are a secure(ish) way to store passwords that only need to be checked rather than recovered. Note that it is not strong security - specially if simple passwords are used. @version $Id: Password.java,v 1.13 2005/08/13 00:01:28 gregwilkins Exp $ @author Greg Wilkins (gregw)
Password element.
@see "WS-Security UsernameToken Profile 1.1"
Generally, it is thought to be good security practice to store passwords in character arrays rather than Strings, under the assumption that by clearing the character array when you're done with it, you can eliminate all instances of the password in memory (and since Strings are immutable, you can't clear the password out of them). However, the JVM doesn't give any guarantees that there is only one copy of an array in memory, so this practice may not provide as much protection as one might hope.
Regardless, some security frameworks support only character arrays, some support only strings, and some support both. This class accepts and provides both to maximize compatibility. Internally, the password is stored as a character array, with a {@link #clear()} method provided to erase its contents.
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |