February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-8161) JDR Subsystem destroys password related system properties

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFLY-8161?page=com.atlassian.jira.plugin.... ] Brian Stansberry updated WFLY-8161: ----------------------------------- Git Pull Request: (was: https://github.com/wildfly/wildfly/pull/9675) > JDR Subsystem destroys password related system properties > --------------------------------------------------------- > > Key: WFLY-8161 > URL: https://issues.jboss.org/browse/WFLY-8161 > Project: WildFly > Issue Type: Bug > Components: JDR > Affects Versions: 10.0.0.Final, 10.1.0.Final > Reporter: John Mazzitelli > Assignee: Brad Maxwell > Priority: Critical > > When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here: > https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/... > One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>". > To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8161) JDR Subsystem destroys password related system properties

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFLY-8161?page=com.atlassian.jira.plugin.... ] Brian Stansberry reassigned WFLY-8161: -------------------------------------- Assignee: Brian Stansberry (was: Brad Maxwell) > JDR Subsystem destroys password related system properties > --------------------------------------------------------- > > Key: WFLY-8161 > URL: https://issues.jboss.org/browse/WFLY-8161 > Project: WildFly > Issue Type: Bug > Components: JDR > Affects Versions: 10.0.0.Final, 10.1.0.Final > Reporter: John Mazzitelli > Assignee: Brian Stansberry > > When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here: > https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/... > One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>". > To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8161) JDR Subsystem destroys password related system properties

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFLY-8161?page=com.atlassian.jira.plugin.... ] Brian Stansberry updated WFLY-8161: ----------------------------------- Priority: Critical (was: Major) > JDR Subsystem destroys password related system properties > --------------------------------------------------------- > > Key: WFLY-8161 > URL: https://issues.jboss.org/browse/WFLY-8161 > Project: WildFly > Issue Type: Bug > Components: JDR > Affects Versions: 10.0.0.Final, 10.1.0.Final > Reporter: John Mazzitelli > Assignee: Brian Stansberry > Priority: Critical > > When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here: > https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/... > One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>". > To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8162) JDR Subsystem destroys password related system properties

by Brian Stansberry (JIRA)

Brian Stansberry created WFLY-8162: -------------------------------------- Summary: JDR Subsystem destroys password related system properties Key: WFLY-8162 URL: https://issues.jboss.org/browse/WFLY-8162 Project: WildFly Issue Type: Bug Components: JDR Affects Versions: 10.0.0.Final, 10.1.0.Final Reporter: John Mazzitelli Assignee: Brian Stansberry Priority: Critical When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here: https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/... One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>". To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8161) JDR Subsystem destroys password related system properties

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFLY-8161?page=com.atlassian.jira.plugin.... ] Brian Stansberry commented on WFLY-8161: ---------------------------------------- This shouldn't change the property at all. There's no need to. > JDR Subsystem destroys password related system properties > --------------------------------------------------------- > > Key: WFLY-8161 > URL: https://issues.jboss.org/browse/WFLY-8161 > Project: WildFly > Issue Type: Bug > Components: JDR > Affects Versions: 10.0.0.Final, 10.1.0.Final > Reporter: John Mazzitelli > Assignee: Brad Maxwell > > When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here: > https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/... > One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>". > To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-969) Add a KeyStore implementation that can use the key store password for retrieving entries.

by Darran Lofthouse (JIRA)

Darran Lofthouse created ELY-969: ------------------------------------ Summary: Add a KeyStore implementation that can use the key store password for retrieving entries. Key: ELY-969 URL: https://issues.jboss.org/browse/ELY-969 Project: WildFly Elytron Issue Type: Feature Request Components: KeyStores Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 1.1.0.Beta28 A KeyManager which uses a KeyStore is defined independently of the KeyStore - it is the KeyManager that has the password for the entry in the KeyStore whilst the KeyStore has the password for the overall store. In many cases the password used for the overall store is the same password as used for the entries. We should provide a KeyStore implementation that can substitute the password received. We may even be able to go one step further and add a password resolver which could mean a CredentialStore is used to obtain the password for different entries, -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8160) Webservice response File Descriptor leak

by Mahesh Reddy (JIRA)

[ https://issues.jboss.org/browse/WFLY-8160?page=com.atlassian.jira.plugin.... ] Mahesh Reddy edited comment on WFLY-8160 at 2/17/17 10:39 AM: -------------------------------------------------------------- New file descriptors i see created for each request. Sample as below > java 12734 megha 778r FIFO 0,8 0t0 107360753 pipe > java 12734 megha 779w FIFO 0,8 0t0 107360753 pipe was (Author: maheshvizag): New file descriptors i see created for each request. Sample as below > java 18967 megha *921r FIFO 0,8 0t0 1244095284 pipe > java 18967 megha *922w FIFO 0,8 0t0 1244095284 pipe > java 18967 megha *923u a_inode 0,9 0 6115 [eventpoll] > Webservice response File Descriptor leak > ---------------------------------------- > > Key: WFLY-8160 > URL: https://issues.jboss.org/browse/WFLY-8160 > Project: WildFly > Issue Type: Bug > Components: Web Services > Affects Versions: 9.0.0.Final, 9.0.2.Final, 10.1.0.Final > Environment: JDK: jdk1.8.0_121, jdk1.8.0_66 > WilfFly : wildfly-10.1.0.Final, wildfly-9.0.2.Final , wildfly-9.0.0.Final > OS: Red Hat Enterprise Linux Server release 7.1 (Maipo) > Hardware: 64 bit 4 core > Reporter: Mahesh Reddy > Assignee: Alessio Soldano > Priority: Blocker > Attachments: BioMatcherWebserviceImpl.java, SOAP_REQUEST.txt, SOAP_RESPONSE.txt > > > We are getting File descriptor leak when wildfly responds to webservice call. > I think this happens if the webresvice response is huge complex structure, > I confirmed by adding the sleep just before the returning from the webservice method and checking lsof -p <pid>, And again checking it after client receives the response,. > I notice for each webservice call, 2 file descriptors are open and never closed. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8161) JDR Subsystem destroys password related system properties

by John Mazzitelli (JIRA)

[ https://issues.jboss.org/browse/WFLY-8161?page=com.atlassian.jira.plugin.... ] John Mazzitelli updated WFLY-8161: ---------------------------------- Issue Type: Bug (was: Task) > JDR Subsystem destroys password related system properties > --------------------------------------------------------- > > Key: WFLY-8161 > URL: https://issues.jboss.org/browse/WFLY-8161 > Project: WildFly > Issue Type: Bug > Components: JDR > Affects Versions: 10.0.0.Final, 10.1.0.Final > Reporter: John Mazzitelli > Assignee: Brad Maxwell > > When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here: > https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/... > One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>". > To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8161) JDR Subsystem destroys password related system properties

by John Mazzitelli (JIRA)

John Mazzitelli created WFLY-8161: ------------------------------------- Summary: JDR Subsystem destroys password related system properties Key: WFLY-8161 URL: https://issues.jboss.org/browse/WFLY-8161 Project: WildFly Issue Type: Task Components: JDR Affects Versions: 10.1.0.Final, 10.0.0.Final Reporter: John Mazzitelli Assignee: Brad Maxwell When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here: https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/... One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>". To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8160) Webservice response File Descriptor leak

by Mahesh Reddy (JIRA)

[ https://issues.jboss.org/browse/WFLY-8160?page=com.atlassian.jira.plugin.... ] Mahesh Reddy commented on WFLY-8160: ------------------------------------ New file descriptors i see created for each request. Sample as below > java 18967 megha *921r FIFO 0,8 0t0 1244095284 pipe > java 18967 megha *922w FIFO 0,8 0t0 1244095284 pipe > java 18967 megha *923u a_inode 0,9 0 6115 [eventpoll] > Webservice response File Descriptor leak > ---------------------------------------- > > Key: WFLY-8160 > URL: https://issues.jboss.org/browse/WFLY-8160 > Project: WildFly > Issue Type: Bug > Components: Web Services > Affects Versions: 9.0.0.Final, 9.0.2.Final, 10.1.0.Final > Environment: JDK: jdk1.8.0_121, jdk1.8.0_66 > WilfFly : wildfly-10.1.0.Final, wildfly-9.0.2.Final , wildfly-9.0.0.Final > OS: Red Hat Enterprise Linux Server release 7.1 (Maipo) > Hardware: 64 bit 4 core > Reporter: Mahesh Reddy > Assignee: Alessio Soldano > Priority: Blocker > Attachments: BioMatcherWebserviceImpl.java, SOAP_REQUEST.txt, SOAP_RESPONSE.txt > > > We are getting File descriptor leak when wildfly responds to webservice call. > I think this happens if the webresvice response is huge complex structure, > I confirmed by adding the sleep just before the returning from the webservice method and checking lsof -p <pid>, And again checking it after client receives the response,. > I notice for each webservice call, 2 file descriptors are open and never closed. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017