Date: Fri, 1 Feb 2013 11:46:12 +0000 (UTC)
From: "Radhika Nair (JIRA)"
To: cloudstack-dev@incubator.apache.org
Subject: [jira] [Commented] (CLOUDSTACK-991) system.vm.password property is visible under global configuration when categorized as 'Secure'

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13568679#comment-13568679 ]

Radhika Nair commented on CLOUDSTACK-991:
-----------------------------------------

Planning to add the following note under the section Working with System Virtual Machines:

You can configure the system.vm.random.password parameter to create a random system VM password for higher security.
If the value for system.vm.random.password is set to true and the Management Server is restarted, a random password is generated and stored encrypted in the database. You can view the encrypted password under the system.vm.password global parameter.

> system.vm.password property is visible under global configuration when categorized as 'Secure'
> ----------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-991
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-991
>             Project: CloudStack
>          Issue Type: Task
>      Security Level: Public(Anyone can view this level - this is the default.)
>          Components: Doc
>    Affects Versions: 4.1.0
>            Reporter: Ram Ganesh
>            Assignee: Radhika Nair
>            Priority: Minor
>              Labels: documentation
>             Fix For: 4.1.0
>
>
> -----Original Message-----
> From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> Sent: 17 January 2013 00:11
> To: CloudStack DeveloperList; Chip Childers
> Cc: Kishan Kavala; Rajesh Battala; Chiradeep Vittal; Rohit Yadav
> Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not encrypted
> This also needs to be documented. Can you raise a documentation issue?
> What about the upgrade from 4.0 case? Are we encrypting previously
> unencrypted passwords?
> On 1/16/13 10:05 AM, "Saksham Srivastava" wrote:
> >As Kishan pointed out on the review board, changing the category to
> >"Secure" will be a way out.
> >Secure configurations are listed whenever admin will execute
> >listConfiguration API, unlike Hidden configurations which do not get
> >listed.
> >If however the password is not encrypted, a management server restart
> >might fail whenever system.vm.random.password is set to true as CS will
> >try to decrypt system.vm.password.
> >
> >Thanks,
> >Saksham
> >
> >-----Original Message-----
> >From: Chip Childers [mailto:chip.childers@sungard.com]
> >Sent: Wednesday, January 16, 2013 8:23 PM
> >To: cloudstack-dev@incubator.apache.org
> >Cc: Saksham Srivastava; Kishan Kavala; Rajesh Battala; Chiradeep Vittal;
> >Rohit Yadav
> >Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not
> >encrypted
> >
> >Can we get an answer to Chiradeep's question below before this is
> >committed?
> >
> >On Thu, Jan 10, 2013 at 1:49 PM, Chiradeep Vittal wrote:
> >> The question around how the cloud admin can log in to the system vm
> >> without visibility into the actual password needs to be resolved. Can
> >> the UI display the unencrypted password whenever the console is viewed?
> >>
> >> On 1/10/13 4:40 AM, "Saksham Srivastava" wrote:
> >>
> >>>
> >>>-----------------------------------------------------------
> >>>This is an automatically generated e-mail. To reply, visit:
> >>>https://reviews.apache.org/r/8859/
> >>>-----------------------------------------------------------
> >>>
> >>>(Updated Jan. 10, 2013, 12:40 p.m.)
> >>>
> >>>
> >>>Review request for cloudstack and Kishan Kavala.
> >>>
> >>>
> >>>Changes
> >>>-------
> >>>
> >>>Changing the category to "Secure" instead of "Hidden" and Encrypting
> >>>the password.
> >>>
> >>>
> >>>Description
> >>>-------
> >>>
> >>>Parameter 'system.vm.password' is not encrypted. Need to encrypt it.
> >>>
> >>>
> >>>This addresses bug CLOUDSTACK-822.
> >>>
> >>>
> >>>Diffs (updated)
> >>>-----
> >>>
> >>>  server/src/com/cloud/server/ConfigurationServerImpl.java b25c63f
> >>>
> >>>Diff: https://reviews.apache.org/r/8859/diff/
> >>>
> >>>
> >>>Testing
> >>>-------
> >>>
> >>>Tested Locally.
> >>>
> >>>
> >>>Thanks,
> >>>
> >>>saksham srivastava
> >>>
> >>
> >>