tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: ConnectionPoolMBean should not expose plain-text DB password
Date Fri, 05 Oct 2012 21:11:57 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Te,

On 10/5/12 1:51 PM, Te Li wrote:
> I am not familiar with JIoEndpoint discussed in 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=53139.
> 
> The issue I'm facing is something different. Apparently, some
> effort was made to hide the DB password, but the DB password is
> still exposed via another getter (getDbProperties()). This seems to
> be a bug to me.
> 
> DB passwords are highly sensitive information. JMX admins shouldn't
> see those either. It's not a reasonable assumption that it's okay
> for JMX admins to see exposed DB passwords (which should never be
> exposed in plaintext or encrypted form). Those who work in a
> company would probably concur with this point.

I think most of us work at companies, and I happen to disagree with you.

Tomcat passwords -- at least those in server.xml -- are in plain-text
form. All requests to obfuscate them have been denied because it is
simply not possible to properly secure them: the key always must be
available to the administrator in order to read the obfuscated
password and therefore any steps to "secure" the password are a charade.

There is a wealth of knowledge available via JMX, and it should only
be exposed to administrators. Any JMX-enabled administrator will be
able to deploy an arbitrary webapp to go and fetch the data you are
trying to hide. You are wasting your time.

-chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBvTR0ACgkQ9CaO5/Lv0PC+PACgrXslv6H5QX1f8aMmMjN+0iJn
hTAAnidDEXQWEk8HyPtWbTF36OVTQHoL
=8RVk
-----END PGP SIGNATURE-----
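As an added illustration of the mitigation Te is asking for (this is example code written for this page, not Tomcat's pool MBean and not code from either poster): a standard MBean whose getDbProperties() returns a copy of the pool's JDBC Properties with password-like keys masked, registered on the platform MBeanServer and then read back through it the way a JMX client would. RedactedPoolInfo, its MBean interface, the object name and the sample properties are all hypothetical. As Chris points out, this only changes what the JMX attribute returns; anyone with rights to deploy a webapp into the same JVM can still read the live pool configuration, so treat it as narrowing what casual JMX browsing reveals, not as protecting the secret.

```java
import java.lang.management.ManagementFactory;
import java.util.Properties;
import java.util.regex.Pattern;
import javax.management.MBeanServer;
import javax.management.ObjectName;

// Hypothetical pool-info MBean. It keeps the same getter shape as a pool
// MBean that returns its JDBC properties, but hands out a redacted copy of
// the Properties rather than a reference to the live object.
public class RedactedPoolInfo implements RedactedPoolInfoMBean {

    // Keys whose values are masked before they leave the JVM via JMX.
    private static final Pattern SENSITIVE_KEY =
            Pattern.compile("(?i)(password|passwd|secret|token)");
    private static final String MASK = "********";

    private final Properties dbProperties;

    public RedactedPoolInfo(Properties dbProperties) {
        this.dbProperties = dbProperties;
    }

    // Copy every entry; values under sensitive-looking keys are replaced with MASK.
    public static Properties redactSensitive(Properties src) {
        Properties out = new Properties();
        for (String key : src.stringPropertyNames()) {
            String value = src.getProperty(key);
            out.setProperty(key, SENSITIVE_KEY.matcher(key).find() ? MASK : value);
        }
        return out;
    }

    // Exposed as the JMX attribute "DbProperties".
    @Override
    public Properties getDbProperties() {
        return redactSensitive(dbProperties);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample pool configuration; the password is a placeholder.
        Properties p = new Properties();
        p.setProperty("user", "app");
        p.setProperty("password", "placeholder-not-a-real-secret");
        p.setProperty("url", "jdbc:postgresql://db.example/app");

        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        // Hypothetical object name, not one Tomcat registers.
        ObjectName name = new ObjectName("example:type=RedactedPoolInfo");
        server.registerMBean(new RedactedPoolInfo(p), name);
        try {
            // Read the attribute back the way a JMX client would see it.
            Properties seen = (Properties) server.getAttribute(name, "DbProperties");
            System.out.println("password -> " + seen.getProperty("password"));
            System.out.println("user     -> " + seen.getProperty("user"));
            System.out.println("url      -> " + seen.getProperty("url"));
        } finally {
            server.unregisterMBean(name);
        }
    }
}

// Standard-MBean naming rule: the interface must be called <ClassName>MBean
// and be public, because the MBeanServer invokes its methods reflectively.
public interface RedactedPoolInfoMBean {
    Properties getDbProperties();
}
```

Run it with `java RedactedPoolInfo.java` (JDK 11+ source-file mode, which allows the two public top-level types to share a file); with plain javac, move the interface into its own RedactedPoolInfoMBean.java. The getter returns a fresh copy on every call so a client can never mutate or dump the live Properties through the MBean, and the key pattern is deliberately broad: a miss on an unusual key name leaks the value, while a false positive only hides a harmless setting from JMX.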


