Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 82522 invoked from network); 7 Dec 2006 23:27:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 7 Dec 2006 23:27:24 -0000 Received: (qmail 9332 invoked by uid 500); 7 Dec 2006 23:27:30 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 9293 invoked by uid 500); 7 Dec 2006 23:27:30 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 9282 invoked by uid 99); 7 Dec 2006 23:27:30 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Dec 2006 15:27:30 -0800 X-ASF-Spam-Status: No, hits=3.5 required=10.0 tests=FROM_HAS_MIXED_NUMS,HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of c1vamsi1c@gmail.com designates 66.249.92.170 as permitted sender) Received: from [66.249.92.170] (HELO ug-out-1314.google.com) (66.249.92.170) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Dec 2006 15:27:19 -0800 Received: by ug-out-1314.google.com with SMTP id m2so813801ugc for ; Thu, 07 Dec 2006 15:26:58 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=FiFveCo7e8Q7vntdEOaQ0yO6EWu3O+dkwesnMQZ0Ag0DqiwZukb968bz8VKpmee0I2LwCMNweRubWD1a7/zMuzLGj1Y7Aee5GVEwWLsO3lEMR6jtU5Hd7+rM/S4mGf23NlqLvYmBX5UymmonSYg/YBUnEHUArPRVhjPlWKhOwiY= Received: by 10.82.139.17 with SMTP id m17mr872436bud.1165534016796; Thu, 07 Dec 2006 15:26:56 -0800 (PST) Received: by 10.49.11.12 with HTTP; Thu, 7 Dec 2006 15:26:56 -0800 (PST) Message-ID: <22d56c4d0612071526y3f0b10ib3a707a0fcf12c5@mail.gmail.com> Date: Fri, 8 Dec 2006 04:56:56 +0530 From: "Vamsavardhana Reddy" To: dev@geronimo.apache.org Subject: Re: [jira] Closed: (GERONIMO-1135) Keystore password in System.properties In-Reply-To: <5DDA7DF0-DC44-4FB1-A482-8608A930F5CD@yahoo.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_131217_28740595.1165534016597" References: <18050841.1165519285291.JavaMail.jira@brutus> <5DDA7DF0-DC44-4FB1-A482-8608A930F5CD@yahoo.com> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_131217_28740595.1165534016597 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline David, I guess the better place for that would be in the documentation. Do we want to have redundant GBean definitions in configurations just to show how to use them? Or am I missing some point? Vamsi On 12/8/06, David Jencks wrote: > > I kinda think we might want to keep the empty SystemProperties gbean > to make it more obvious where to set them in config.xml. If we do > this we should include an empty override in config.xml. What do > others think? > > thanks > david jencks > > On Dec 7, 2006, at 11:21 AM, Vamsavardhana Reddy (JIRA) wrote: > > > [ http://issues.apache.org/jira/browse/GERONIMO-1135?page=all ] > > > > Vamsavardhana Reddy closed GERONIMO-1135. > > ----------------------------------------- > > > > Resolution: Fixed > > > > Removing the keystore related system properties did not seem to > > break anything. Removed "SystemProperties" GBean definition > > altogether from the plan since there are no properties to set. > > > > Fixed in rev 483612. > > > >> Keystore password in System.properties > >> -------------------------------------- > >> > >> Key: GERONIMO-1135 > >> URL: http://issues.apache.org/jira/browse/ > >> GERONIMO-1135 > >> Project: Geronimo > >> Issue Type: Bug > >> Security Level: public(Regular issues) > >> Components: security > >> Affects Versions: 1.0-M5 > >> Reporter: Aaron Mulder > >> Assigned To: Vamsavardhana Reddy > >> Priority: Critical > >> Fix For: 1.2, 2.0-M1 > >> > >> > >> If you look at the System properties, the keystore and trust store > >> passwords are in there. I'm not sure who puts them in there, but > >> we need to find a way to stop that -- or else prevent applications > >> from reading them? > > > > -- > > This message is automatically generated by JIRA. > > - > > If you think it was sent incorrectly contact one of the > > administrators: http://issues.apache.org/jira/secure/ > > Administrators.jspa > > - > > For more information on JIRA, see: http://www.atlassian.com/ > > software/jira > > > > > > ------=_Part_131217_28740595.1165534016597 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline David,

I guess the better place for that would be in the documentation.  Do we want to have redundant GBean definitions in configurations just to show how to use them?  Or am I missing some point?

Vamsi

On 12/8/06, David Jencks <david_jencks@yahoo.com> wrote:
I kinda think we might want to keep the empty SystemProperties gbean
to make it more obvious where to set them in config.xml. If we do
this we should include an empty override in config.xml.  What do
others think?

thanks
david jencks

On Dec 7, 2006, at 11:21 AM, Vamsavardhana Reddy (JIRA) wrote:

>      [ http://issues.apache.org/jira/browse/GERONIMO-1135?page=all ]
>
> Vamsavardhana Reddy closed GERONIMO-1135.
> -----------------------------------------
>
>     Resolution: Fixed
>
> Removing the keystore related system properties did not seem to
> break anything.  Removed "SystemProperties" GBean definition
> altogether from the plan since there are no properties to set.
>
> Fixed in rev 483612.
>
>> Keystore password in System.properties
>> --------------------------------------
>>
>>                 Key: GERONIMO-1135
>>                 URL: http://issues.apache.org/jira/browse/
>> GERONIMO-1135
>>             Project: Geronimo
>>          Issue Type: Bug
>>      Security Level: public(Regular issues)
>>          Components: security
>>    Affects Versions: 1.0-M5
>>            Reporter: Aaron Mulder
>>         Assigned To: Vamsavardhana Reddy
>>            Priority: Critical
>>             Fix For: 1.2, 2.0-M1
>>
>>
>> If you look at the System properties, the keystore and trust store
>> passwords are in there.  I'm not sure who puts them in there, but
>> we need to find a way to stop that -- or else prevent applications
>> from reading them?
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the
> administrators: http://issues.apache.org/jira/secure/
> Administrators.jspa
> -
> For more information on JIRA, see: http://www.atlassian.com/
> software/jira
>
>


------=_Part_131217_28740595.1165534016597--