[jboss-jira] [JBoss JIRA] (WFLY-8161) JDR Subsystem destroys password related system properties
Brian Stansberry (JIRA)
issues at jboss.org
Fri Feb 17 11:36:01 EST 2017
[ https://issues.jboss.org/browse/WFLY-8161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry reassigned WFLY-8161:
--------------------------------------
Assignee: Brian Stansberry (was: Brad Maxwell)
> JDR Subsystem destroys password related system properties
> ---------------------------------------------------------
>
> Key: WFLY-8161
> URL: https://issues.jboss.org/browse/WFLY-8161
> Project: WildFly
> Issue Type: Bug
> Components: JDR
> Affects Versions: 10.0.0.Final, 10.1.0.Final
> Reporter: John Mazzitelli
> Assignee: Brian Stansberry
>
> When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here:
> https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/java/org/jboss/as/jdr/commands/SystemProperties.java#L51-L53
> One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM will ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>".
> To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)