[jboss-jira] [JBoss JIRA] (JGRP-1854) Prevent leaking of sensitive information via @Property
Bela Ban (JIRA)
issues at jboss.org
Tue Jun 17 09:27:24 EDT 2014
Bela Ban created JGRP-1854:
------------------------------
Summary: Prevent leaking of sensitive information via @Property
Key: JGRP-1854
URL: https://issues.jboss.org/browse/JGRP-1854
Project: JGroups
Issue Type: Task
Security Level: Public (Everyone can see)
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 3.4.5, 3.5
Some protocols inadvertently expose sensitive information via {{@Property}}, e.g.
{noformat}
@Property String password
{noformat}
This needs to be changed to
{noformat}
@Property(exposeAsManagedAttribute=false) String password
{noformat}
This way, {{password}} can be set via XML, but can not be queried via probe.sh or JMX
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jboss-jira
mailing list