Tools (JBoss Tools)
JBIDE-10490

do not store server passwords in plain text

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 3.3.0.Beta1
    • Component/s: server
    • Labels:
      None

      Description

      Last time we looked at this, passwords were still being stored "unsafely". Opening this to make sure we get that fixed by using Eclipse's secure storage APIs.

            Activity

            Max Rydahl Andersen added a comment -

            It's a password dialog, so it's required only when a password is needed - which tests have that requirement today?

            Max Rydahl Andersen added a comment -

            Btw, examples of system properties related to "hide dialogs" are:

            JFace enables these by default when running in headless mode, not sure how actually:
            org.eclipse.jface.dialogs.ErrorDialog.AUTOMATED_MODE
            org.eclipse.jface.util.SafeRunnable.get/setIgnoreErrors

            our own usage tracking has:
            usage_reporting_enabled

            and WTP also has one related to approving the license of xsd/dtd downloads:
            wtp.autotest.noninteractive

            ...but for this case I do not understand why any tests would trigger this since they don't require username/passwords afaik.

            Rob Stryker added a comment -

            Found the stack:

            at org.eclipse.equinox.internal.security.storage.SecurePreferencesWrapper.put(SecurePreferencesWrapper.java:110)
            at org.jboss.ide.eclipse.as.core.util.ServerUtil.storeInSecureStorage(ServerUtil.java:208)
            at org.jboss.ide.eclipse.as.test.server.ServerSecureStorageTest.testServerSecureStorage(ServerSecureStorageTest.java:30)

            Seems testing the secure storage is what's initiating this debacle...

            Rob Stryker added a comment -

            Well, this specific issue is resolved. I could not find a way to actually test secure storage with credentials (or forcing a no-credential flag), so I finally just disabled the test. Finally have a good build after a week or so of bad stuff.

            All manual tests indicate secure storage functions properly.

            Martin Malina added a comment -

            Verified in jbdevstudio-product-universal-5.0.0.v201202250031M-H77-Beta1.jar
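
For reference, an added example (not the JBoss Tools code from this issue) of keeping a server password in Eclipse secure storage instead of a plain-text preference, plus a store opened with provider hints so an automated run does not depend on a password dialog. The class name, node path, key name and test-store file are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.spec.PBEKeySpec;
import org.eclipse.equinox.security.storage.EncodingUtils;
import org.eclipse.equinox.security.storage.ISecurePreferences;
import org.eclipse.equinox.security.storage.SecurePreferencesFactory;
import org.eclipse.equinox.security.storage.StorageException;
import org.eclipse.equinox.security.storage.provider.IProviderHints;

/** Added example; class, node path and key names are hypothetical. */
public final class ServerPasswordStore {
    private static final String BASE = "/example/servers/"; // assumed node path
    private static final String KEY = "password";           // assumed key name

    /** The user's default secure store; its password provider may open a dialog. */
    public static ISecurePreferences defaultStore() {
        ISecurePreferences root = SecurePreferencesFactory.getDefault();
        if (root == null) {
            throw new IllegalStateException("secure storage is not available");
        }
        return root;
    }

    /** Throwaway store for automated runs: no UI prompt, fixed test-only master password. */
    public static ISecurePreferences headlessTestStore(File file, char[] testPassword)
            throws IOException {
        Map<String, Object> options = new HashMap<>();
        options.put(IProviderHints.PROMPT_USER, Boolean.FALSE);
        options.put(IProviderHints.DEFAULT_PASSWORD, new PBEKeySpec(testPassword));
        return SecurePreferencesFactory.open(file.toURI().toURL(), options);
    }

    public static void save(ISecurePreferences store, String serverId, String password)
            throws StorageException, IOException {
        ISecurePreferences node = store.node(BASE + EncodingUtils.encodeSlashes(serverId));
        node.put(KEY, password, true); // true: the value is encrypted before it is written
        node.flush();                  // write the store to disk
    }

    /** Returns null when no password has been stored for this server. */
    public static String load(ISecurePreferences store, String serverId)
            throws StorageException {
        String path = BASE + EncodingUtils.encodeSlashes(serverId);
        return store.nodeExists(path) ? store.node(path).get(KEY, null) : null;
    }
}
```

It needs the org.eclipse.equinox.security bundle on the classpath; the fixed master password belongs only in a throwaway test store, never in the user's default one.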


              People

              • Assignee:
                Rob Stryker
                Reporter:
                Max Rydahl Andersen