cloudstack-issues mailing list archives

From "Wilder Rodrigues (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-6252) Host password is stored in the database in the clear
Date Tue, 01 Apr 2014 18:39:16 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-6252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13956874#comment-13956874 ]

Wilder Rodrigues commented on CLOUDSTACK-6252:
----------------------------------------------

Hi John,

Sorry for the delay. I'm looking into the code and realised that there is indeed a key that
should be in the db.properties file, but by default it's not.

In the EncryptionSecretKeyChecker I found this:

String encryptionType = dbProps.getProperty("db.cloud.encryption.type");

If the property above is not present in the db.properties, then the whole encryption is skipped.

When I tested CloudStack 4.3.0, my db.properties did not have such a property. Also, since
I was not migrating anything, but just creating a brand new environment, the EncryptionSecretKeyChanger
class hasn't done anything.

Perhaps it means that when we install it from scratch for the very first time, db encryption
won't take place.

If you think it makes sense, I can perform the tests again.

Cheers,
Wilder 

> Host password is stored in the database in the clear
> ----------------------------------------------------
>
>                 Key: CLOUDSTACK-6252
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6252
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: Future
>         Environment: Management Server running on Debian 7
> DevCloud running on XenServer 6.2
>            Reporter: Wilder Rodrigues
>            Assignee: Wilder Rodrigues
>
> Via the Management Server UI, when creating an advanced Zone and adding a host to it,
> the host password is stored in the database in the clear.
> All passwords should be encrypted before being stored.
> Check details below:
> mysql> select * from host_details;
> +----+---------+----------------------------------------------------+----------------------------------------+
> | id | host_id | name                                               | value                                  |
> +----+---------+----------------------------------------------------+----------------------------------------+
> |  1 |       1 | product_version                                    | 6.2.0                                  |
> |  2 |       1 | com.cloud.network.Networks.RouterPrivateIpStrategy | DcGlobal                               |
> |  3 |       1 | private.network.device                             | Pool-wide network associated with eth0 |
> |  4 |       1 | Hypervisor.Version                                 | 4.1.5                                  |
> |  5 |       1 | Host.OS                                            | XenServer                              |
> |  6 |       1 | Host.OS.Kernel.Version                             | 2.6.32.43-0.4.1.xs1.8.0.835.170778xen  |
> |  7 |       1 | wait                                               | 600                                    |
> |  8 |       1 | password                                           | changeme                               |
> |  9 |       1 | url                                                | 10.1.1.203                             |
> | 10 |       1 | username                                           | root                                   |
> | 11 |       1 | xs620_snapshot_hotfix                              | false                                  |
> | 12 |       1 | product_brand                                      | XenServer                              |
> | 13 |       1 | product_version_text_short                         | 6.2                                    |
> | 14 |       1 | Host.OS.Version                                    | 6.2.0                                  |
> | 15 |       1 | instance.name                                      | VM                                     |
> +----+---------+----------------------------------------------------+----------------------------------------+



--
This message was sent by Atlassian JIRA
(v6.2#6252)
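
Added example, not part of the original message and not CloudStack's own code: a small Python audit of the condition described in the comment above, where a db.properties file without db.cloud.encryption.type means encryption is skipped. The sample file contents, the treatment of `none` as disabled, and the `SENSITIVE_NAMES` set are assumptions made for illustration.

```python
import re

# Property named in the comment above; when it is missing, encryption is skipped.
ENC_TYPE_KEY = "db.cloud.encryption.type"
# Assumption (not from the page): detail names treated as credentials.
SENSITIVE_NAMES = {"password"}
# Constructed samples: a db.properties without the property and one with it set;
# the rows mirror three entries of the host_details listing in the report.
FRESH_INSTALL = "db.cloud.username=cloud\n# db.cloud.encryption.type=file\ndb.cloud.host = localhost\n"
WITH_ENCRYPTION = FRESH_INSTALL + "db.cloud.encryption.type = file\n"
ROWS = [(1, "username", "root"), (1, "password", "changeme"), (1, "wait", "600")]


def parse_properties(text):
    """Parse the subset of Java .properties syntax used by db.properties."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # Key and value are separated by '=', ':' or whitespace; value may be empty.
        m = re.match(r"([^=:\s]+)\s*[=:\s]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def encryption_status(props_text):
    """Return 'skipped' when the type property is absent or empty, else its value."""
    value = parse_properties(props_text).get(ENC_TYPE_KEY, "").strip()
    # Assumption: an explicit 'none' is treated the same as a missing property.
    if not value or value.lower() == "none":
        return "skipped"
    return value


def audit(props_text, host_details):
    """host_details: iterable of (host_id, name, value) rows from the table."""
    status = encryption_status(props_text)
    # Report which rows hold credentials, never the values themselves.
    exposed = [(hid, name) for hid, name, value in host_details
               if name.lower() in SENSITIVE_NAMES and value]
    # at_risk: credential rows exist while encryption is skipped by configuration.
    return {"encryption": status, "credential_rows": exposed,
            "at_risk": status == "skipped" and bool(exposed)}


if __name__ == "__main__":
    print(audit(FRESH_INSTALL, ROWS))
```

When the property is set, this check only confirms that encryption is configured; it does not inspect whether an individual stored value is actually encrypted.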
