felix-users mailing list archives

From Ferry Huberts <maili...@hupie.com>
Subject Re: Plaintext password in configuration files for Jetty and Webconsole
Date Sun, 24 Apr 2016 11:26:54 GMT
So thanks for all the replies.

But especially for webconsole, the password can be a hash, much like in 
the /etc/passwd files on Unix systems.

Would a feature request bug on this stand any chance if I file it?

On 24/04/16 13:18, Roland Tepp wrote:
> Console (whether accessed over web or ssh) should be a trusted environment.
> If an untrusted user gains access to your console you have much more serious
> problems than access to some configuration options.
> On Sun, 24 Apr 2016 at 02:29, Carsten Ziegeler <cziegeler@apache.org> wrote:
>
>> Peter Kriens wrote
>>> You could adjust cm to recognize a macro and expand that macro to
>> something local like a file, a system property, or an environment variable.
>>>
>>> That is how I solved it in the Configurer. Works very well on Travis
>> that allows you to configure with encrypted data that is decrypted as
>> environment variables.
>>>
>>
>> This still has the problem that the decrypted data is visible to
>> everyone (via web console etc.)
>>
>>
>> Carsten
>> --
>> Carsten Ziegeler
>> Adobe Research Switzerland
>> cziegeler@apache.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>> For additional commands, e-mail: users-help@felix.apache.org
>>
>>
>

-- 
Ferry Huberts
