Uploaded image for project: 'JGroups'
  1. JGroups
  2. JGRP-1854

Prevent leaking of sensitive information via @Property

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Major
    • 3.4.5, 3.5
    • None
    • None

    Description

      Some protocols inadvertently expose sensitive information via @Property, e.g.

      @Property String password

      This needs to be changed to 

      @Property(exposeAsManagedAttribute=false) String password

      This way, password can be set via XML, but can not be queried via probe.sh or JMX.

      Examples:

      • JDBC_PING, SWIFT_PING, RACKSPACE_PING, S3_PING, GOOGLE_PING
      • AUTH and plugin tokens
      • ENCRYPT
      • SASL (see JGRP-1853)

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. JGRP-1853 SASL: don't expose passwords/credentials as managed properties

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-engineering-bban Bela Ban
              rhn-engineering-bban Bela Ban
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: