Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8933

(7.0.z) JDR Subsystem destroys password related system properties

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 7.0.6.CR2, 7.0.6.GA
    • 7.0.6.CR1
    • JDR
    • None
    • EAP 7.0.6

      When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here:

      https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/java/org/jboss/as/jdr/commands/SystemProperties.java#L51-L53

      One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>".

      To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values.

            rhn-support-bmaxwell Brad Maxwell
            rhn-support-bmaxwell Brad Maxwell
            Jiří Bílek Jiří Bílek (Inactive)
            Jiří Bílek Jiří Bílek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: