[jira] [Commented] (QPID-8667) [Broker-J] Database connection with client certificate authentication exposes keystore / truststore passwords
[
https://issues.apache.org/jira/browse/QPID-8667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17815591#comment-17815591
]
ASF subversion and git services commented on QPID-8667:
---
Commit 4551a7eddf8556ac5991f11ed92b6d6655cd4cef in qpid-broker-j's branch
refs/heads/main from Daniil Kirilyuk
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=4551a7eddf ]
QPID-8667: [Broker-J] Database connection with client certificate
authentication exposes keystore / truststore passwords (#240)
added UI fix for the issue when creating a JSON Virtual Host Node with BDB
Virtual host resulting in "dijit.registry.byId(...) is undefined" error
> [Broker-J] Database connection with client certificate authentication exposes
> keystore / truststore passwords
> -
>
> Key: QPID-8667
> URL: https://issues.apache.org/jira/browse/QPID-8667
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Affects Versions: qpid-java-broker-9.1.0
>Reporter: Daniil Kirilyuk
>Priority: Minor
> Fix For: qpid-java-broker-9.2.0
>
>
> JDBC allows to supply datasource parameters via JDBC connection string in
> form:
> jdbc:://:/?key1=value1=value2=value3
> Relevant configuration for a virtualhost for PostgreSQL looks like following:
> {code:java}
> {
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl":
> "jdbc:postgresql://:/?ssl=true=verify-full===",
> "username": "QPID",
> "password": null
> } {code}
> To make hide sensitive parameters like keystore / truststore passwords
> configuration should reference a keystore or truststore instead providing the
> RDBMS-specific parameter names:
> {code:java}
> {
> "name" : "default",
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl" :
> "jdbc:postgresql://:/?ssl=true=verify-full=",
> "keyStore" : "keystore-database",
> "keyStorePasswordPropertyName" : "sslpassword",
> "keyStorePathPropertyName" : "sslkey",
> "trustStore" : null,
> "trustStorePasswordPropertyName" : null,
> "trustStorePathPropertyName" : null,
> "username" : "QPID"
> }{code}
> Here keystore "keystore-database" is referenced, containing path to the
> keystore as well as its password (which is hidden). Path to the keystore
> should be injected into the JDBC connection string using the parameter
> "keyStorePathPropertyName", keystores password should be injected into JDBC
> connection string using the parameter "keyStorePasswordPropertyName".
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8667) [Broker-J] Database connection with client certificate authentication exposes keystore / truststore passwords
[
https://issues.apache.org/jira/browse/QPID-8667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17815590#comment-17815590
]
ASF GitHub Bot commented on QPID-8667:
--
vavrtom merged PR #240:
URL: https://github.com/apache/qpid-broker-j/pull/240
> [Broker-J] Database connection with client certificate authentication exposes
> keystore / truststore passwords
> -
>
> Key: QPID-8667
> URL: https://issues.apache.org/jira/browse/QPID-8667
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Affects Versions: qpid-java-broker-9.1.0
>Reporter: Daniil Kirilyuk
>Priority: Minor
> Fix For: qpid-java-broker-9.2.0
>
>
> JDBC allows to supply datasource parameters via JDBC connection string in
> form:
> jdbc:://:/?key1=value1=value2=value3
> Relevant configuration for a virtualhost for PostgreSQL looks like following:
> {code:java}
> {
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl":
> "jdbc:postgresql://:/?ssl=true=verify-full===",
> "username": "QPID",
> "password": null
> } {code}
> To make hide sensitive parameters like keystore / truststore passwords
> configuration should reference a keystore or truststore instead providing the
> RDBMS-specific parameter names:
> {code:java}
> {
> "name" : "default",
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl" :
> "jdbc:postgresql://:/?ssl=true=verify-full=",
> "keyStore" : "keystore-database",
> "keyStorePasswordPropertyName" : "sslpassword",
> "keyStorePathPropertyName" : "sslkey",
> "trustStore" : null,
> "trustStorePasswordPropertyName" : null,
> "trustStorePathPropertyName" : null,
> "username" : "QPID"
> }{code}
> Here keystore "keystore-database" is referenced, containing path to the
> keystore as well as its password (which is hidden). Path to the keystore
> should be injected into the JDBC connection string using the parameter
> "keyStorePathPropertyName", keystores password should be injected into JDBC
> connection string using the parameter "keyStorePasswordPropertyName".
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8667) [Broker-J] Database connection with client certificate authentication exposes keystore / truststore passwords
[
https://issues.apache.org/jira/browse/QPID-8667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17811865#comment-17811865
]
ASF GitHub Bot commented on QPID-8667:
--
vavrtom merged PR #236:
URL: https://github.com/apache/qpid-broker-j/pull/236
> [Broker-J] Database connection with client certificate authentication exposes
> keystore / truststore passwords
> -
>
> Key: QPID-8667
> URL: https://issues.apache.org/jira/browse/QPID-8667
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Affects Versions: qpid-java-broker-9.1.0
>Reporter: Daniil Kirilyuk
>Priority: Minor
> Fix For: qpid-java-broker-9.1.1
>
>
> JDBC allows to supply datasource parameters via JDBC connection string in
> form:
> jdbc:://:/?key1=value1=value2=value3
> Relevant configuration for a virtualhost for PostgreSQL looks like following:
> {code:java}
> {
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl":
> "jdbc:postgresql://:/?ssl=true=verify-full===",
> "username": "QPID",
> "password": null
> } {code}
> To make hide sensitive parameters like keystore / truststore passwords
> configuration should reference a keystore or truststore instead providing the
> RDBMS-specific parameter names:
> {code:java}
> {
> "name" : "default",
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl" :
> "jdbc:postgresql://:/?ssl=true=verify-full=",
> "keyStore" : "keystore-database",
> "keyStorePasswordPropertyName" : "sslpassword",
> "keyStorePathPropertyName" : "sslkey",
> "trustStore" : null,
> "trustStorePasswordPropertyName" : null,
> "trustStorePathPropertyName" : null,
> "username" : "QPID"
> }{code}
> Here keystore "keystore-database" is referenced, containing path to the
> keystore as well as its password (which is hidden). Path to the keystore
> should be injected into the JDBC connection string using the parameter
> "keyStorePathPropertyName", keystores password should be injected into JDBC
> connection string using the parameter "keyStorePasswordPropertyName".
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8667) [Broker-J] Database connection with client certificate authentication exposes keystore / truststore passwords
[
https://issues.apache.org/jira/browse/QPID-8667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17811866#comment-17811866
]
ASF subversion and git services commented on QPID-8667:
---
Commit cb51d8d31efe24198190264b1bbde7923252810a in qpid-broker-j's branch
refs/heads/main from Daniil Kirilyuk
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=cb51d8d31e ]
QPID-8667: [Broker-J] Database connection with client certificate
authentication exposes keystore / truststore passwords (#236)
> [Broker-J] Database connection with client certificate authentication exposes
> keystore / truststore passwords
> -
>
> Key: QPID-8667
> URL: https://issues.apache.org/jira/browse/QPID-8667
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Affects Versions: qpid-java-broker-9.1.0
>Reporter: Daniil Kirilyuk
>Priority: Minor
> Fix For: qpid-java-broker-9.1.1
>
>
> JDBC allows to supply datasource parameters via JDBC connection string in
> form:
> jdbc:://:/?key1=value1=value2=value3
> Relevant configuration for a virtualhost for PostgreSQL looks like following:
> {code:java}
> {
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl":
> "jdbc:postgresql://:/?ssl=true=verify-full===",
> "username": "QPID",
> "password": null
> } {code}
> To make hide sensitive parameters like keystore / truststore passwords
> configuration should reference a keystore or truststore instead providing the
> RDBMS-specific parameter names:
> {code:java}
> {
> "name" : "default",
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl" :
> "jdbc:postgresql://:/?ssl=true=verify-full=",
> "keyStore" : "keystore-database",
> "keyStorePasswordPropertyName" : "sslpassword",
> "keyStorePathPropertyName" : "sslkey",
> "trustStore" : null,
> "trustStorePasswordPropertyName" : null,
> "trustStorePathPropertyName" : null,
> "username" : "QPID"
> }{code}
> Here keystore "keystore-database" is referenced, containing path to the
> keystore as well as its password (which is hidden). Path to the keystore
> should be injected into the JDBC connection string using the parameter
> "keyStorePathPropertyName", keystores password should be injected into JDBC
> connection string using the parameter "keyStorePasswordPropertyName".
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8667) [Broker-J] Database connection with client certificate authentication exposes keystore / truststore passwords
[
https://issues.apache.org/jira/browse/QPID-8667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17811303#comment-17811303
]
ASF GitHub Bot commented on QPID-8667:
--
dakirily opened a new pull request, #236:
URL: https://github.com/apache/qpid-broker-j/pull/236
This PR addresses JIRA
[QPID-8667](https://issues.apache.org/jira/browse/QPID-8667), adding
functionality to hide keystore / truststore passwords when configuring database
connection with client certificate authentication
> [Broker-J] Database connection with client certificate authentication exposes
> keystore / truststore passwords
> -
>
> Key: QPID-8667
> URL: https://issues.apache.org/jira/browse/QPID-8667
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
>Affects Versions: qpid-java-broker-9.1.0
>Reporter: Daniil Kirilyuk
>Priority: Minor
> Fix For: qpid-java-broker-9.1.1
>
>
> JDBC allows to supply datasource parameters via JDBC connection string in
> form:
> jdbc:://:/?key1=value1=value2=value3
> Relevant configuration for a virtualhost for PostgreSQL looks like following:
> {code:java}
> {
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl":
> "jdbc:postgresql://:/?ssl=true=verify-full===",
> "username": "QPID",
> "password": null
> } {code}
> To make hide sensitive parameters like keystore / truststore passwords
> configuration should reference a keystore or truststore instead providing the
> RDBMS-specific parameter names:
> {code:java}
> {
> "name" : "default",
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl" :
> "jdbc:postgresql://:/?ssl=true=verify-full=",
> "keyStore" : "keystore-database",
> "keyStorePasswordPropertyName" : "sslpassword",
> "keyStorePathPropertyName" : "sslkey",
> "trustStore" : null,
> "trustStorePasswordPropertyName" : null,
> "trustStorePathPropertyName" : null,
> "username" : "QPID"
> }{code}
> Here keystore "keystore-database" is referenced, containing path to the
> keystore as well as its password (which is hidden). Path to the keystore
> should be injected into the JDBC connection string using the parameter
> "keyStorePathPropertyName", keystores password should be injected into JDBC
> connection string using the parameter "keyStorePasswordPropertyName".
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
