1 Reply Latest reply on Nov 21, 2008 1:53 PM by peterj

    security issue with plain text password for jmx console

    patwary_shiva

      The JMX console storing the username/password in a plain text file(jmx-console-users.properties).Is there any way to configure the jboss to encrypt this file? so the jmx-console-users.properties will contain encrypted username/password?
      I found that data source password can be encrpted.Can i use the same way fro jmx console too. I am using jboss 4.2 EAP.

        • 1. Re: security issue with plain text password for jmx console
          peterj

          You would have to write code to encrypt those files. Basically, extending the UsersRolesLoginModule.

          You could store the user names and password in a database. But even then, if the passwords are encrypted, you would have to extend the DatabaseServerLoginModule and override the convertRawPassword to handle the encrypted password.

          Or you could connect to an LDAP server. Then no extra coding is necessary and LDAP maintains encrypted passwords.