« Evolution of Access Control Models | Main | Jericho Forum Panel @ RSA »

Comments

Alex

face-palm.

Davanum Srinivas

Gunnar,

AFAIK, Redbooks exist to show all the possibilities.

If you see infocenter for WAS7, you will see one more reason why we don't support password digests.

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/cwbs_usernametokenv6.html

"WebSphere® Application Server supports the default PasswordText type. However, it does not support password digest because most user registry security policies do not expose the password to the application software."

Yes, there could/should be warnings added to avoid certain things.

But that's why we need folks like you to preach the best practices :)

The comments to this entry are closed.