geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gianny Damour <gianny.dam...@optusnet.com.au>
Subject Re: svn commit: r594117 [1/2] - in /geronimo/server/trunk: assemblies/geronimo-jetty6-javaee5/src/main/assembly/ assemblies/geronimo-jetty6-javaee5/src/main/resources/cluster-repository/ assemblies/geronimo-jetty6-javaee5/src/main/resources/master-re
Date Tue, 20 Nov 2007 06:06:18 GMT
Hi Kevan,

I just fixed the encryption problem when writing the password  
JavaBean property to config.xml.

I am still contemplating the following ideas to restrict access to  
this GBean attribute as it contains sensitive information:
* for JMX access, I believe we could wrap the MBeanServer used under  
the cover of our JMXConnectorServer with an MBeanServerForwarder  
restricting access to sensitive information based on the client  
subject and the targeted GBean types, names, attributes et cetera.  
This way administrators will be able to provide finer grained access  
to the GBeans within a Geronimo instance.
* for in-server access, I am really not sure how to proceed. It seems  
to me that application developers could deploy malicious applications  
to Geronimo and obtain through them sensitive information. For  
instance, I could deploy an application searching for a ClusterInfo  
GBean or a specific connector GBean in order to gain access to JMX  
credentials and database credentials (I assume there is a connector  
GBean storing this information in-memory in order to create physical  
database connections) respectively.

Any ideas on how to proceed?

Thanks,
Gianny


On 15/11/2007, at 7:43 AM, Gianny Damour wrote:

> Hi Kevan,
>
> Sorry for my late reply and thanks for raising this security issue.  
> I believe that the encryption of password attributes is not enough  
> in this case as password in this case is an XML JavaBean attribute;  
> based on a cursory review of GBeanOverride, it seems that this case  
> is not yet handled.
>
> I will fix this problem tonight or in the next couple of days.
>
> Thanks,
> Gianny
>
> On 15/11/2007, at 6:54 AM, Kevan Miller wrote:
>
>>
>>
>> On Nov 13, 2007 4:40 PM, Kevan Miller <kevan.miller@gmail.com> wrote:
>> Hi Gianny,
>> I notice that this scheme is storing "admin" username and password  
>> in clear text. It will also make the username/password accessible  
>> via JMX. I think we need to avoid this. Would prefer to see this  
>> information handled in a manner more consistent with our handling  
>> of sensitive information in var/security. Would you agree?
>>
>> David Jencks reminded me that 'password' properties in config.xml  
>> will be encrypted.
>>
>> --kevan
>>

Mime
View raw message