geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jack Cai <>
Subject Encrypt password in deployment plans and config.ser
Date Tue, 12 May 2009 08:06:55 GMT
Recently someone pointed out to us that password specified in the deployment
plan is stored in clear text in the config.ser after deployment, for
example, when deploying a datasource with the database password specified in
the deployment plan. I notice that there was another user mentioning exactly
the same problem in the geronimo-user list two years ago [1].

I did a little more dig and also found this JIRA [2] along with this
discussion [3] on encrypting passwords in deployment plans.

I understand that there are different arguments on what is "real" security.
But I also well appreciate users' concerns on having clear text password
appearing in the system. In China, we have a saying "guard against the good
guys but not the bad guys", meaning the guard is there just to prevent the
good guys from doing bad. Taking the same example as in the old thread [3],
if we lock a bicycle, then the good guys won't steal it, while the bad guys
with the intention to steal it can still find ways to steal it. But if we
leave the bicycle unlocked, then the good guys are tempted to steal the
bicycle too, because it's so easy.

Back to JIRA [2], I think an alternative is to let user input the password
in encrypted form in the deployment plan at the very beginning. We can
provide a small command line tool to let user ecrypt the password
beforehands. If this is acceptable, then there is a very simple way to
satisfy requirement [1] & [2]. We can simply add a little encryption logic
in the class org.apache.geronimo.gbean.GBeanData [4], similar to what we did
in GBeanOverride for config.xml.

Comments are welcome.


(revision 111111)
(working copy)
@@ -27,6 +27,8 @@
 import java.util.Map;
 import java.util.Set;

+import org.apache.geronimo.crypto.EncryptionManager;
  * @version $Rev: 556119 $ $Date: 2007-07-13 15:34:02 -0400 (Fri, 13 Jul
2007) $
@@ -112,6 +114,10 @@

     public void setAttribute(String name, Object value) {
+        if (name.toLowerCase().indexOf("password") > -1
+                && value instanceof String) {
+            value = EncryptionManager.decrypt((String) value);
+        }
         attributes.put(name, value);

@@ -207,6 +213,10 @@
         for (Map.Entry<String, Object> entry : attributes.entrySet()) {
             String name = entry.getKey();
             Object value = entry.getValue();
+            if (name.toLowerCase().indexOf("password") > -1
+                    && value instanceof String) {
+                value = EncryptionManager.encrypt((String) value);
+            }
             try {

View raw message