Scott Stark wrote:
An administrator should be able to specify or override an application-specific security domain setting. If needed, it could be a domain property to ignore security domain settings from applications, but it certainly is an ease of use feature to allow them.
Can we have a properties element in the security domain schema that can allow for the properties files information to be provided?
Yes I agree that if we support application provided security domains, that there needs to be a flag that must be set to allow them.
We should also support property value obfuscation based on some domain server key in general for properties. Is that a notion we have in the domain model?
We have support for expressions, so they could be extended to allow for this.
Note that it may well be worth having a basic user password management mechanism in domain.xml to replace the old properties file approach. However, if we do obfucryption the user would still have to get the key on every box.
Password based encryption is lower in the trust pyramid - does not require keys but is able to mask passwords, which works for most deployments. So if this PBE approach can be taken to mask the password.