geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Re: [jira] Closed: (GERONIMO-1135) Keystore password in System.properties
Date Thu, 07 Dec 2006 23:26:56 GMT
David,

I guess the better place for that would be in the documentation.  Do we want
to have redundant GBean definitions in configurations just to show how to
use them?  Or am I missing some point?

Vamsi

On 12/8/06, David Jencks <david_jencks@yahoo.com> wrote:
>
> I kinda think we might want to keep the empty SystemProperties gbean
> to make it more obvious where to set them in config.xml. If we do
> this we should include an empty override in config.xml.  What do
> others think?
>
> thanks
> david jencks
>
> On Dec 7, 2006, at 11:21 AM, Vamsavardhana Reddy (JIRA) wrote:
>
> >      [ http://issues.apache.org/jira/browse/GERONIMO-1135?page=all ]
> >
> > Vamsavardhana Reddy closed GERONIMO-1135.
> > -----------------------------------------
> >
> >     Resolution: Fixed
> >
> > Removing the keystore related system properties did not seem to
> > break anything.  Removed "SystemProperties" GBean definition
> > altogether from the plan since there are no properties to set.
> >
> > Fixed in rev 483612.
> >
> >> Keystore password in System.properties
> >> --------------------------------------
> >>
> >>                 Key: GERONIMO-1135
> >>                 URL: http://issues.apache.org/jira/browse/
> >> GERONIMO-1135
> >>             Project: Geronimo
> >>          Issue Type: Bug
> >>      Security Level: public(Regular issues)
> >>          Components: security
> >>    Affects Versions: 1.0-M5
> >>            Reporter: Aaron Mulder
> >>         Assigned To: Vamsavardhana Reddy
> >>            Priority: Critical
> >>             Fix For: 1.2, 2.0-M1
> >>
> >>
> >> If you look at the System properties, the keystore and trust store
> >> passwords are in there.  I'm not sure who puts them in there, but
> >> we need to find a way to stop that -- or else prevent applications
> >> from reading them?
> >
> > --
> > This message is automatically generated by JIRA.
> > -
> > If you think it was sent incorrectly contact one of the
> > administrators: http://issues.apache.org/jira/secure/
> > Administrators.jspa
> > -
> > For more information on JIRA, see: http://www.atlassian.com/
> > software/jira
> >
> >
>
>

Mime
View raw message