Return-Path: 
 <cloudstack-dev-return-17513-apmail-incubator-cloudstack-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E5103EDEF
	for <apmail-incubator-cloudstack-dev-archive@minotaur.apache.org>;
 Wed, 16 Jan 2013 18:06:01 +0000 (UTC)
Received: (qmail 98365 invoked by uid 500); 16 Jan 2013 18:06:01 -0000
Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org
Received: (qmail 98332 invoked by uid 500); 16 Jan 2013 18:06:01 -0000
Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:cloudstack-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:cloudstack-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:cloudstack-dev@incubator.apache.org>
List-Id: <cloudstack-dev.incubator.apache.org>
Reply-To: cloudstack-dev@incubator.apache.org
Delivered-To: mailing list cloudstack-dev@incubator.apache.org
Received: (qmail 98323 invoked by uid 99); 16 Jan 2013 18:06:01 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jan 2013 18:06:01 +0000
X-ASF-Spam-Status: No, hits=-2.3 required=5.0
	tests=RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of saksham.srivastava@citrix.com
 designates 203.166.19.134 as permitted sender)
Received: from [203.166.19.134] (HELO SMTP.CITRIX.COM.AU) (203.166.19.134)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jan 2013 18:05:55 +0000
X-IronPort-AV: E=Sophos;i="4.84,480,1355097600";
   d="scan'208";a="428606"
Received: from banpmailmx01.citrite.net ([10.103.128.73])
  by SYDPIPO01.CITRIX.COM.AU with ESMTP/TLS/RC4-MD5;
 16 Jan 2013 18:05:31 +0000
Received: from BANPMAILBOX01.citrite.net ([10.103.128.72]) by
 BANPMAILMX01.citrite.net ([10.103.128.73]) with mapi; Wed, 16 Jan 2013
 23:35:29 +0530
From: Saksham Srivastava <saksham.srivastava@citrix.com>
To: Chip Childers <chip.childers@sungard.com>,
	"cloudstack-dev@incubator.apache.org" <cloudstack-dev@incubator.apache.org>
CC: Kishan Kavala <Kishan.Kavala@citrix.com>, Rajesh Battala
	<rajesh.battala@citrix.com>, Chiradeep Vittal <chiradeepv@gmail.com>, Rohit
 Yadav <bhaisaab@apache.org>
Date: Wed, 16 Jan 2013 23:35:27 +0530
Subject: RE: Review Request: CLOUDSTACK-822 system.vm.password is not
 encrypted
Thread-Topic: Review Request: CLOUDSTACK-822 system.vm.password is not
 encrypted
Thread-Index: Ac3z+Uc0iUWPqqHsSkazKyBYqTVsDgAF4e6Q
Message-ID: 
 <33740054EBF5B64BB213E2E0916F2C13F011FFF1AF@BANPMAILBOX01.citrite.net>
References: <20130110124025.2470.86331@reviews.apache.org>
	<CD144CFC.401F4%chiradeep.vittal@citrix.com>
 <CA+96GG5wemfZgF98LR1XOeu_2262DRAJT+Xpm5e+3h5N=2Ffgw@mail.gmail.com>
In-Reply-To: 
 <CA+96GG5wemfZgF98LR1XOeu_2262DRAJT+Xpm5e+3h5N=2Ffgw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Virus-Checked: Checked by ClamAV on apache.org

As Kishan pointed out on the review board , changing the category to "Secur=
e" will be a way out.
Secure configurations are listed whenever admin will execute listConfigurat=
ion API , unlike Hidden configurations which do not get listed.
If however the password is not encrypted, a management server restart might=
 fail whenever system.vm.random.password is set to true as CS will try to d=
ecrypt system.vm.password .

Thanks,
Saksham

-----Original Message-----
From: Chip Childers [mailto:chip.childers@sungard.com]=20
Sent: Wednesday, January 16, 2013 8:23 PM
To: cloudstack-dev@incubator.apache.org
Cc: Saksham Srivastava; Kishan Kavala; Rajesh Battala; Chiradeep Vittal; Ro=
hit Yadav
Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not encry=
pted

Can we get an answer to Chiradeep's question below before this is committed=
?

On Thu, Jan 10, 2013 at 1:49 PM, Chiradeep Vittal <Chiradeep.Vittal@citrix.=
com> wrote:
> The question around how the cloud admin can log in to the system vm=20
> without visibility into the actual password needs to be resolved. Can=20
> the UI display the unencrypted password whenever the console is viewed?
>
> On 1/10/13 4:40 AM, "Saksham Srivastava"=20
> <saksham.srivastava@citrix.com>
> wrote:
>
>>
>>-----------------------------------------------------------
>>This is an automatically generated e-mail. To reply, visit:
>>https://reviews.apache.org/r/8859/
>>-----------------------------------------------------------
>>
>>(Updated Jan. 10, 2013, 12:40 p.m.)
>>
>>
>>Review request for cloudstack and Kishan Kavala.
>>
>>
>>Changes
>>-------
>>
>>Changing the category to "Secure" instead of "Hidden" and Encrypting=20
>>the password.
>>
>>
>>Description
>>-------
>>
>>Parameter 'system.vm.password' is not encrypted. Need to encrypt it.
>>
>>
>>This addresses bug CLOUDSTACK-822.
>>
>>
>>Diffs (updated)
>>-----
>>
>>  server/src/com/cloud/server/ConfigurationServerImpl.java b25c63f
>>
>>Diff: https://reviews.apache.org/r/8859/diff/
>>
>>
>>Testing
>>-------
>>
>>Tested Locally.
>>
>>
>>Thanks,
>>
>>saksham srivastava
>>
>
>