Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 95002 invoked from network); 18 Nov 2005 09:59:12 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 18 Nov 2005 09:59:12 -0000 Received: (qmail 67594 invoked by uid 500); 18 Nov 2005 09:59:05 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 67528 invoked by uid 500); 18 Nov 2005 09:59:05 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 67514 invoked by uid 99); 18 Nov 2005 09:59:04 -0000 X-ASF-Spam-Status: No, hits=1.3 required=10.0 tests=SPF_FAIL X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Nov 2005 01:59:02 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id 73EC4E1 for ; Fri, 18 Nov 2005 10:58:41 +0100 (CET) Message-ID: <173786959.1132307921434.JavaMail.jira@ajax.apache.org> Date: Fri, 18 Nov 2005 10:58:41 +0100 (CET) From: "Vamsavardhana Reddy (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Commented: (GERONIMO-1135) Keystore password in System.properties In-Reply-To: <94109302.1131230779581.JavaMail.jira@ajax.apache.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/GERONIMO-1135?page=comments#action_12357966 ] Vamsavardhana Reddy commented on GERONIMO-1135: ----------------------------------------------- As of revision 345477, the following plan.xml files have javax.net.ssl.keystorePassword=... entries configs\client-system\src\plan\plan.xml configs\rmi-naming\src\plan\plan.xml modules\assembly\src\plan\client-system-plan.xml modules\assembly\src\plan\naming-server-plan.xml I hope this info is helpful. > Keystore password in System.properties > -------------------------------------- > > Key: GERONIMO-1135 > URL: http://issues.apache.org/jira/browse/GERONIMO-1135 > Project: Geronimo > Type: Bug > Components: security > Versions: 1.0-M5 > Reporter: Aaron Mulder > Priority: Critical > Fix For: 1.1 > > If you look at the System properties, the keystore and trust store passwords are in there. I'm not sure who puts them in there, but we need to find a way to stop that -- or else prevent applications from reading them? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira