geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevan Miller (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-1135) Keystore password in System.properties
Date Thu, 17 Nov 2005 13:42:41 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-1135?page=comments#action_12357889 ] 

Kevan Miller commented on GERONIMO-1135:
----------------------------------------

Matt, the "properties" are properties as in java.lang.System.getProperties(). Encryption isn't
really the issue. At present, any deployed app could retrieve these password properties. It's
very easy to keep these passwords out of the System properties. You can pass these properties
in directly to the Factories, rather than setting them as properties. I'll try to have a look
at this later today...

> Keystore password in System.properties
> --------------------------------------
>
>          Key: GERONIMO-1135
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1135
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M5
>     Reporter: Aaron Mulder
>     Priority: Critical
>      Fix For: 1.1

>
> If you look at the System properties, the keystore and trust store passwords are in there.
 I'm not sure who puts them in there, but we need to find a way to stop that -- or else prevent
applications from reading them?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message