From: Dain Sundstrom
Subject: Re: Constructing deployment plans from Configuration GBeanData
Date: Fri, 18 Nov 2005 08:59:53 -0800
To: dev@geronimo.apache.org

Wait a sec. We are worried about an administrator that has access to
the console from seeing a password embedded in a configuration file?
The admin can deploy applications, which could easily just scan for
passwords in memory or on disk. Anyone with access to this console is
"root" for the geronimo instance.

-dain

On Nov 18, 2005, at 8:57 AM, Dain Sundstrom wrote:

> If we are the ones copying over the plans, why not have the
> deployment code for the module, simply remove passwords from the
> file before copying it. Alternatively, we could choose to not copy
> over the plan for connectors.
>
> -dain
>
> On Nov 17, 2005, at 11:30 PM, Aaron Mulder wrote:
>
>> Note that JSR-77 requires us to expose the J2EE DD through our module
>> beans, and it may make sense to provide a similar hook for the
>> Geronimo plan. That would make it easy to implement nicely in the
>> console, certainly.
>>
>> However, I agree that it's important to be able to suppress showing
>> plans, particularly for connectors where they're likely to have
>> passwords in them. Sure, you only see that if you got into the
>> console/MEJB/whatever to begin with, but still... I'm not sure what
>> to say about the default behavior. I thought this was such a cool
>> idea until I thought about the password issue, but if we make hiding
>> the plans the default, then it's not all that useful a feature. I'm
>> waffling.
>>
>> Aaron
>>
>> On 11/18/05, David Jencks wrote:
>>>
>>> On Nov 17, 2005, at 9:21 PM, Vamsavardhana Reddy wrote:
>>>
>>>>
>>>> On 11/17/05, David Jencks wrote:
>>>>> On Nov 17, 2005, at 4:45 AM, Vamsavardhana Reddy wrote:
>>>>>
>>>>>> If deployment plans are inside the archive (ear, war, etc.) they
>>>>>> can be obtained from config-store. If the deployment plan is
>>>>>> supplied as an external file to the deployer and if the original
>>>>>> file is not available, the only way to get any information on the
>>>>>> configuration is from the Configuration GBeanData obtained from
>>>>>> the kernel at runtime or from deserializing config.ser files
>>>>>> under config-store. For analyzing any problems after an
>>>>>> application is deployed, deployment plans will certainly be
>>>>>> helpful.
>>>>>
>>>>> If you think this is really valuable information, I think a better
>>>>> approach is to store the plan(s) in a known location in the
>>>>> configuration so they may be retrieved directly.
>>>> I thought of this as an option because it will really simplify a
>>>> lot of things, and I can avoid writing a configuration decompiler
>>>> :o). But, then will there be any instances where the user will not
>>>> want the deployment plan to be stored in the server as is? Will
>>>> "not want to store the deployment plan in the config-store" be ever
>>>> a user's reason for supplying deployment plan as an external file
>>>> to the deployer?
>>>
>>> Well, I think there will be few cases where the original deployment
>>> plan will be unavailable from other sources, and I don't
>>> particularly like including it in the configuration. However, I
>>> don't think this has much to do with the desirability of keeping the
>>> plan separate from the module you are deploying: I think this is
>>> always a good idea. I do think that some people will want to conceal
>>> their plan and if we do provide a way to include it in the
>>> configuration this choice must be optional.
>>>
>>> thanks
>>> david jencks