Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 88566 invoked from network); 6 Dec 2006 05:54:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Dec 2006 05:54:49 -0000 Received: (qmail 65252 invoked by uid 500); 6 Dec 2006 05:54:54 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 65200 invoked by uid 500); 6 Dec 2006 05:54:54 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 65157 invoked by uid 99); 6 Dec 2006 05:54:53 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Dec 2006 21:54:53 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Dec 2006 21:54:44 -0800 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 95A887142F7 for ; Tue, 5 Dec 2006 21:54:24 -0800 (PST) Message-ID: <11132488.1165384464610.JavaMail.jira@brutus> Date: Tue, 5 Dec 2006 21:54:24 -0800 (PST) From: "Vamsavardhana Reddy (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Commented: (GERONIMO-1135) Keystore password in System.properties In-Reply-To: <94109302.1131230779581.JavaMail.jira@ajax.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ http://issues.apache.org/jira/browse/GERONIMO-1135?page=comments#action_12455876 ] Vamsavardhana Reddy commented on GERONIMO-1135: ----------------------------------------------- I think the "SystemProperties" GBean definition can be eliminate altogether from configs\rmi-naming\src\plan\plan.xml . > Keystore password in System.properties > -------------------------------------- > > Key: GERONIMO-1135 > URL: http://issues.apache.org/jira/browse/GERONIMO-1135 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 1.0-M5 > Reporter: Aaron Mulder > Priority: Critical > Fix For: 1.2 > > > If you look at the System properties, the keystore and trust store passwords are in there. I'm not sure who puts them in there, but we need to find a way to stop that -- or else prevent applications from reading them? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira