tomcat-dev mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: MBeans and credentials
Date Sat, 02 Oct 2010 11:04:37 GMT
On 01/10/2010 19:32, Rainer Jung wrote:
> Should we remove the following attributes from the respective mbeans?
> 
> - "shutdown" from "Catalina:type=Server"
> - "keyPass" from "Catalina:type=ProtocolHandler,port=8080"
> - "password" from "User"
> - "connectionPassword" from "JDBCRealm"
> - "password" for a DataSource (?)

I'd say no. I've always viewed JMX as a 'root' equivalent management
interface. JMX access is appropriately locked down by default.

> Or at least allow to drop them from a jmxproxy query (e.g.
> qry=*:*&filter=nopass).

I can see more of an argument for this although I'm not sure how easy it
would be to do. My view on whether or not this should be done will be
highly dependent on how maintainable the code is.

> Of course it is likely that people having access to JMX are already
> powerful enough to do harm.
+1

> On the other hand at least exports via
> jmxproxy are not too unlikely to get passed outside for troubleshooting.
You'd hope :). There is potentially a wider audience though.

> Is anyone aware of more of those?
JNDIRealm connectionPassword
Connector secret

and probably a bunch of others. I didn't look too hard.

> What about user names for the cases where they also exist?
Strictly, yes.

Keeping the setter but providing alternative getters for JMX that return
"*****" may be an option as well.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
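
The masking discussed in this message can also be applied after the fact, to a jmxproxy dump before it is passed on for troubleshooting. The following is an added example, not part of the original message or of Tomcat: it masks the attributes named in the thread, assumes the dump consists of `Name:` / `attribute: value` lines, and its function names, `extra` parameter and sample values are constructed for illustration.

```python
import re

# Attribute names come from the thread; also matching any name that ends in
# "password" is a generalization added for this example.
SENSITIVE = {"shutdown", "keypass", "password", "connectionpassword", "secret"}
ATTR_LINE = re.compile(r"^([A-Za-z_][\w.]*): ?(.*)$")
MASK = "*****"

def is_sensitive(attr, extra=()):
    name = attr.lower()
    return (name in SENSITIVE or name.endswith("password")
            or name in {e.lower() for e in extra})

def redact_jmxproxy(text, extra=()):
    """Mask credential attributes; return (redacted_text, [(mbean, attr), ...])."""
    out, hits, mbean, skipping = [], [], None, False
    for line in text.splitlines():
        m = ATTR_LINE.match(line)
        if m and m.group(1) == "Name":        # start of the next MBean
            mbean, skipping = m.group(2), False
        elif m and is_sensitive(m.group(1), extra):
            hits.append((mbean, m.group(1)))
            line, skipping = f"{m.group(1)}: {MASK}", True
        elif m or not line.strip():           # ordinary attribute or separator
            skipping = False
        elif skipping:                        # rest of a masked multi-line value
            continue
        out.append(line)
    return "\n".join(out), hits

# Constructed sample in the assumed "Name: / attribute: value" dump layout.
SAMPLE = """\
OK - Number of results: 3

Name: Catalina:type=Server
port: 8005
shutdown: constructed-shutdown-word

Name: Catalina:type=ProtocolHandler,port=8080
keyPass: constructed-key-pass

Name: Catalina:type=Realm,realmPath=/realm0
connectionName: constructed-user
connectionPassword: constructed-line-one
 constructed-line-two
connectionURL: jdbc:constructed
"""

if __name__ == "__main__":
    print(redact_jmxproxy(SAMPLE, extra=("connectionName",))[0])
```

Passing user-name attributes through `extra` covers the "Strictly, yes" case above; the returned hit list shows which MBean attributes were masked, so a reviewer can confirm nothing expected is missing.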

