[ https://issues.jboss.org/browse/JGRP-188?page=com.atlassian.jira.plugin.s... ]
Julien Kronegg commented on JGRP-188:
-------------------------------------
I think this issue should be reopened because using configuration parameters set through
System properties may lead to security issues.
Imagine that the encryption parameters (store password and key password) are set via System
properties, such as:
{code}
<ENCRYPT store_password="${systemPropertyStorePassword:changeit}"
         key_password="${systemPropertyKeyPassword:changeit}"/>
{code}
This may lead to security issues if the system properties may be read remotely. This
occurs e.g. via MBeans:
- IBM's ITCAM OSInfo
- JBoss AS's System Properties Service
  (http://docs.jboss.org/jbossas/jboss4guide/r1/html/ch10.html)
The information disclosure is limited since the passwords are only used to unlock the
keystore (they could not be used to decrypt the data).
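
The exposure described in the comment can be checked on a running JVM, because the standard `java.lang:type=Runtime` platform MBean also publishes every system property in its `SystemProperties` attribute. The audit below is an added example, not part of the original comment or of JGroups; the two property names come from the snippet above, while the name pattern and the sample values are assumptions constructed for illustration.

```java
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.openmbean.CompositeData;
import javax.management.openmbean.TabularData;

public class SystemPropertyExposureAudit {
    // Heuristic for property names that probably carry a secret (assumption, tune per deployment).
    private static final Pattern SECRET_NAME =
            Pattern.compile("(?i)(pass(word|wd|phrase)?|secret|token|credential)");

    /** Returns the names of secret-looking system properties visible through the Runtime MBean. */
    static List<String> exposedSecretProperties(MBeanServer server) throws Exception {
        // Same attribute a JMX client or management console reads.
        ObjectName runtime = new ObjectName("java.lang:type=Runtime");
        TabularData props = (TabularData) server.getAttribute(runtime, "SystemProperties");
        List<String> hits = new ArrayList<>();
        for (Object row : props.values()) {
            CompositeData entry = (CompositeData) row;
            String key = (String) entry.get("key");
            String value = (String) entry.get("value");
            if (SECRET_NAME.matcher(key).find() && value != null && !value.isEmpty()) {
                hits.add(key);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values standing in for -D options on the command line.
        System.setProperty("systemPropertyStorePassword", "constructed-store-pw");
        System.setProperty("systemPropertyKeyPassword", "constructed-key-pw");

        List<String> hits = exposedSecretProperties(ManagementFactory.getPlatformMBeanServer());
        for (String name : hits) {
            // Report the name only; never echo the secret into logs.
            System.out.println("readable via JMX: " + name);
        }
        if (!hits.isEmpty()) {
            System.exit(1); // non-zero exit so a deployment check can fail on exposure
        }
    }
}
```

Run as a deployment check, the non-zero exit signals that at least one secret-bearing property is visible to anything that can query the MBean server.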
JGroups should not use System properties, because it's too restrictive
----------------------------------------------------------------------
Key: JGRP-188
URL: https://issues.jboss.org/browse/JGRP-188
Project: JGroups
Issue Type: Feature Request
Affects Versions: 2.2.8, 2.2.9, 2.2.9.1
Environment: all
Reporter: Robert Stevenson
Assignee: Bela Ban
Priority: Minor
Fix For: 2.4
Original Estimate: 1 day
Remaining Estimate: 1 day
JGroups should not use System properties for configuration; it should instead use a
Global Configurator class (singleton), similar to log4j, which just contains a Properties
object. This would allow JGroups to be much easier to move around to different
environments. For example, an applet, which does not have access to easily change System
properties on a per-applet basis.
This new class could have a mapping/conversion method to make the current -D command line
options be put into this new Properties Configurator for backward compatibility.