[jboss-jira] [JBoss JIRA] (WFLY-8161) JDR Subsystem destroys password related system properties

[Brian Stansberry (JIRA)]

    [ https://issues.jboss.org/browse/WFLY-8161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13365634#comment-13365634 ] 

Brian Stansberry commented on WFLY-8161:
----------------------------------------

This shouldn't change the property at all. There's no need to.

> JDR Subsystem destroys password related system properties
> ---------------------------------------------------------
>
>                 Key: WFLY-8161
>                 URL: https://issues.jboss.org/browse/WFLY-8161
>             Project: WildFly
>          Issue Type: Bug
>          Components: JDR
>    Affects Versions: 10.0.0.Final, 10.1.0.Final
>            Reporter: John Mazzitelli
>            Assignee: Brad Maxwell
>
> When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here:
> https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/java/org/jboss/as/jdr/commands/SystemProperties.java#L51-L53
> One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>".
> To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)