[jboss-jira] [JBoss JIRA] (JGRP-1854) Prevent leaking of sensitive information via @Property
Bela Ban (JIRA)
issues at jboss.org
Tue Jun 17 09:31:24 EDT 2014
[ https://issues.jboss.org/browse/JGRP-1854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bela Ban updated JGRP-1854:
---------------------------
Description:
Some protocols inadvertently expose sensitive information via {{@Property}}, e.g.
{noformat}
@Property String password
{noformat}
This needs to be changed to
{noformat}
@Property(exposeAsManagedAttribute=false) String password
{noformat}
This way, {{password}} can be set via XML, but cannot be queried via probe.sh or JMX.
Examples:
* JDBC_PING, SWIFT_PING, RACKSPACE_PING, S3_PING, GOOGLE_PING
* AUTH and plugin tokens (?)
* ENCRYPT
* SASL (see JGRP-1853)
was:
Some protocols inadvertently expose sensitive information via {{@Property}}, e.g.
{noformat}
@Property String password
{noformat}
This needs to be changed to
{noformat}
@Property(exposeAsManagedAttribute=false) String password
{noformat}
This way, {{password}} can be set via XML, but cannot be queried via probe.sh or JMX
> Prevent leaking of sensitive information via @Property
> ------------------------------------------------------
>
> Key: JGRP-1854
> URL: https://issues.jboss.org/browse/JGRP-1854
> Project: JGroups
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Reporter: Bela Ban
> Assignee: Bela Ban
> Fix For: 3.4.5, 3.5
>
>
> Some protocols inadvertently expose sensitive information via {{@Property}}, e.g.
> {noformat}
> @Property String password
> {noformat}
> This needs to be changed to
> {noformat}
> @Property(exposeAsManagedAttribute=false) String password
> {noformat}
> This way, {{password}} can be set via XML, but cannot be queried via probe.sh or JMX.
> Examples:
> * JDBC_PING, SWIFT_PING, RACKSPACE_PING, S3_PING, GOOGLE_PING
> * AUTH and plugin tokens (?)
> * ENCRYPT
> * SASL (see JGRP-1853)
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
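
Added example (not part of the original message and not JGroups code): a reflection-based audit that a build could run to flag sensitive-looking fields that are still annotated with a plain @Property. It assumes a stand-in annotation that mirrors the exposeAsManagedAttribute attribute named in the issue (default true); the sample protocol classes and the name pattern are constructed for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.util.*;
import java.util.regex.Pattern;

public class PropertyExposureAudit {
    // Stand-in for org.jgroups.annotations.Property so this compiles without JGroups.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    @interface Property { boolean exposeAsManagedAttribute() default true; }

    // Assumed naming heuristic for secrets; extend it for your own code base.
    static final Pattern SENSITIVE = Pattern.compile(
        "(?i).*(password|passwd|secret|token|credential|private_?key|access_?key).*");

    // Constructed sample protocols (hypothetical, not real JGroups classes).
    static class BaseStore { @Property String store_password; }
    static class LeakyPing extends BaseStore {
        @Property String password;        // would be readable as a managed attribute
        @Property String connection_url;  // not matched by the heuristic
    }
    static class FixedPing {
        @Property(exposeAsManagedAttribute = false) String password; // settable, not queryable
        @Property int timeout;
    }

    /** Returns "Class.field" for each sensitive-looking @Property still exposed for management. */
    static List<String> audit(Class<?>... protocols) {
        List<String> findings = new ArrayList<>();
        for (Class<?> proto : protocols) {
            // Walk superclasses so fields declared in a parent class are checked as well.
            for (Class<?> c = proto; c != null && c != Object.class; c = c.getSuperclass()) {
                for (Field f : c.getDeclaredFields()) {
                    Property p = f.getAnnotation(Property.class);
                    if (p != null && p.exposeAsManagedAttribute()
                            && SENSITIVE.matcher(f.getName()).matches())
                        findings.add(proto.getSimpleName() + "." + f.getName());
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        List<String> findings = audit(LeakyPing.class, FixedPing.class);
        findings.forEach(f -> System.out.println("exposed sensitive @Property: " + f));
        if (!findings.isEmpty()) System.exit(1); // non-zero exit fails the build step
    }
}
```

To run the same check against real protocol classes, replace the stand-in annotation with the JGroups one and pass the protocol classes to audit().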