creating secure connections to active-fedora?

[Bess Sadler]

Hi, everyone.

What's the best way to pass login and password data to active-fedora without having plain text passwords exposed? I'm concerned that I have stuff like this in my log files:

I, [2011-08-11T12:58:11.658434 #70847] INFO -- : FEDORA: initializing Fedora with fedora_config: {:url=>"http://fedoraAdmin:fedor...@127.0.0.1:8983/fedora"}

Obviously I'm not too concerned about giving away the default fedora login and password, but it occurs to me that as we move toward using this software in production this could be a security hole.

Is there a different way to specify passwords that I'm not aware of? Or is this just something we haven't tackled yet?

Thanks!

Bess