Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orion-dev] passwrod when create user

Hi,

 

user.json files of all cloud accounts are stored in a central file system of the cloud provider. Cloud customers are worried because cloud provider administrator has direct access to file system and can collect all user/passwords, etc.

To avoid storing credentials in Orion we enable using an external id provider that stores the credentials.

 

Best Regards

Sergio

 

From: orion-dev-bounces@xxxxxxxxxxx [mailto:orion-dev-bounces@xxxxxxxxxxx] On Behalf Of Anthony Hunter
Sent: יום ב 07 דצמבר 2015 17:51
To: Orion developer discussions <orion-dev@xxxxxxxxxxx>
Subject: Re: [orion-dev] passwrod when create user

 

This may be better discussed in a Bugzilla. I am not sure what risk issue you are raising.

The user.json is only accessible by the user that owns it and only indirectly through server API. So I am not sure who you are worried is going to "see" this user.json.

Cheers...
Anthony


Inactive hide details for "Balan, Yossi" ---2015/12/07 10:23:45 AM---Hi This is what I meant."Balan, Yossi" ---2015/12/07 10:23:45 AM---Hi This is what I meant.

From: "Balan, Yossi" <yossi.balan@xxxxxxx>
To: Orion developer discussions <orion-dev@xxxxxxxxxxx>
Date: 2015/12/07 10:23 AM
Subject: Re: [orion-dev] passwrod when create user
Sent by: orion-dev-bounces@xxxxxxxxxxx




Hi

This is what I meant.
Why did you keep it in the user.json ?
Is it secured to keep the password on user.json even it encrypted, ? ( as far as I know the method for the encrypted is not secure enough )

Regards,
Yossi


From: orion-dev-bounces@xxxxxxxxxxx [mailto:orion-dev-bounces@xxxxxxxxxxx] On Behalf Of Anthony Hunter
Sent: Monday, December 07, 2015 5:14 PM
To: Orion developer discussions <orion-dev@xxxxxxxxxxx>
Subject: Re: [orion-dev] passwrod when create user

Hi Yossi, I am not sure of the question, but when you create a user using the users API a password is required and yes it is encrypted on disk in the user.json.

https://wiki.eclipse.org/Orion/Server_API/User_API#Create_a_user

Cheers...
Anthony


Inactive hide details for "Balan, Yossi" ---2015/12/06 09:27:56 AM---Hi I found that in user.json when you create new user ( no"Balan, Yossi" ---2015/12/06 09:27:56 AM---Hi I found that in user.json when you create new user ( not admin ) or the admin user is not exist

From: "Balan, Yossi" <yossi.balan@xxxxxxx>
To: "orion-dev@xxxxxxxxxxx" <orion-dev@xxxxxxxxxxx>
Date: 2015/12/06 09:27 AM
Subject: [orion-dev] passwrod when create user
Sent by: orion-dev-bounces@xxxxxxxxxxx





Hi

I found that in user.json when you create new user ( not admin ) or the admin user is not exist you keep the property password encrypted.
Is it a bug or Orion need it for any validation ?

Regards,
Yossi_______________________________________________
orion-dev mailing list
orion-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/orion-dev_______________________________________________
orion-dev mailing list
orion-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/orion-dev

Back to the top