[jboss-jira] [JBoss JIRA] (AS7-3419) JBossWeb::ssl element in connector settings should check for vaultified strings
Tomaz Cerar (JIRA)
jira-events at lists.jboss.org
Thu Feb 2 16:08:48 EST 2012
[ https://issues.jboss.org/browse/AS7-3419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12663892#comment-12663892 ]
Tomaz Cerar commented on AS7-3419:
----------------------------------
I see your problem, expressions are resolved the proper way, that is by calling OperationContext.resolveExpression(node)
that one then decides how to resolve expression. RuntimeExpressionResolver class is the one that actually resolves Vault expressions.
I can confirm that this is a bug in RuntimeExpressionResolver as it should not remove last character... let me test this more toughly as resolver is global for resolving all expressions
> JBossWeb::ssl element in connector settings should check for vaultified strings
> -------------------------------------------------------------------------------
>
> Key: AS7-3419
> URL: https://issues.jboss.org/browse/AS7-3419
> Project: Application Server 7
> Issue Type: Feature Request
> Components: Web
> Affects Versions: 7.1.0.CR1
> Reporter: Anil Saldhana
> Assignee: Tomaz Cerar
> Fix For: 7.1.0.Final
>
>
> Currently, the passwords in the ssl element of the connector settings are in clear text.
> https://community.jboss.org/wiki/JBossAS7SecuringPasswords describes very simple ways of checking whether a string is of the vault format and invoking the vault to get the decrypted string value.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list