Tools (JBoss Tools)
  1. Tools (JBoss Tools)
  2. JBIDE-10490

do not store server passwords in plain text

    Details

    • Type: Bug Bug
    • Status: Closed Closed (View Workflow)
    • Priority: Blocker Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 3.3.0.Beta1
    • Component/s: server
    • Labels:
      None
    • Similar Issues:
      Show 10 results 

      Description

      last time we looked at this passwords were still being stored "unsafely" - opening this to make sure we get that fixed by using eclipse's secure storage apis

        Issue Links

          Activity

          Hide
          Max Rydahl Andersen
          added a comment -

          its a password dialog so its required only when password is needed - which tests has that requirement today?

          Show
          Max Rydahl Andersen
          added a comment - its a password dialog so its required only when password is needed - which tests has that requirement today?
          Hide
          Max Rydahl Andersen
          added a comment -

          btw. example of system property related to "hide dialogs" are:

          jface enables these by default when running in headless mode, not sure how actually
          org.eclipse.jface.dialogsErrorDialog.AUTOMATED_MODE
          org.eclipse.jface.util.SafeRunnable.get/setIgnoreErrors

          our own usage tracking has:
          usage_reporting_enabled

          and WTP also have one related to approving license of xsd/dtd downloads
          wtp.autotest.noninteractive

          ...but for this case I do not understand why any tests would trigger this since they don't require username/passwords afaik.

          Show
          Max Rydahl Andersen
          added a comment - btw. example of system property related to "hide dialogs" are: jface enables these by default when running in headless mode, not sure how actually org.eclipse.jface.dialogsErrorDialog.AUTOMATED_MODE org.eclipse.jface.util.SafeRunnable.get/setIgnoreErrors our own usage tracking has: usage_reporting_enabled and WTP also have one related to approving license of xsd/dtd downloads wtp.autotest.noninteractive ...but for this case I do not understand why any tests would trigger this since they don't require username/passwords afaik.
          Hide
          Rob Stryker
          added a comment -

          Found the stack:

          at org.eclipse.equinox.internal.security.storage.SecurePreferencesWrappe
          r.put(SecurePreferencesWrapper.java:110)
          at org.jboss.ide.eclipse.as.core.util.ServerUtil.storeInSecureStorage(Se
          rverUtil.java:208)
          at org.jboss.ide.eclipse.as.test.server.ServerSecureStorageTest.testServ
          erSecureStorage(ServerSecureStorageTest.java:30)

          Seems testing the secure storage is what's initiating this debacle...

          Show
          Rob Stryker
          added a comment - Found the stack: at org.eclipse.equinox.internal.security.storage.SecurePreferencesWrappe r.put(SecurePreferencesWrapper.java:110) at org.jboss.ide.eclipse.as.core.util.ServerUtil.storeInSecureStorage(Se rverUtil.java:208) at org.jboss.ide.eclipse.as.test.server.ServerSecureStorageTest.testServ erSecureStorage(ServerSecureStorageTest.java:30) Seems testing the secure storage is what's initiating this debacle...
          Hide
          Rob Stryker
          added a comment -

          Well, this specific issue is resolved. I could not find a way to actually test secure storage with credentials (or forcing a no-credential flag), so i finally just disabled hte test. Finally have a good build after a week or so of bad stuff.

          ALl manual tests indicate secure storage functions properly.

          Show
          Rob Stryker
          added a comment - Well, this specific issue is resolved. I could not find a way to actually test secure storage with credentials (or forcing a no-credential flag), so i finally just disabled hte test. Finally have a good build after a week or so of bad stuff. ALl manual tests indicate secure storage functions properly.
          Hide
          Martin Malina
          added a comment -

          Verified in jbdevstudio-product-universal-5.0.0.v201202250031M-H77-Beta1.jar

          Show
          Martin Malina
          added a comment - Verified in jbdevstudio-product-universal-5.0.0.v201202250031M-H77-Beta1.jar

            People

            • Assignee:
              Rob Stryker
              Reporter:
              Max Rydahl Andersen
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: