[
https://issues.apache.org/jira/browse/CLOUDSTACK-991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radhika Nair resolved CLOUDSTACK-991.
-------------------------------------
Resolution: Fixed
> system.vm.password property is visible under global configuration when
> categorized as 'Secure'
> ----------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-991
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-991
> Project: CloudStack
> Issue Type: Task
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Doc
> Affects Versions: 4.1.0
> Reporter: Ram Ganesh
> Assignee: Radhika Nair
> Priority: Minor
> Labels: documentation
> Fix For: 4.1.0
>
>
> -----Original Message-----
> From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com]
> Sent: 17 January 2013 00:11
> To: CloudStack DeveloperList; Chip Childers
> Cc: Kishan Kavala; Rajesh Battala; Chiradeep Vittal; Rohit Yadav
> Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not
> encrypted
> This also needs to be documented. Can you raise a documentation issue?
> What about the upgrade from 4.0 case? Are we encrypting previously
> unencrypted passwords?
> On 1/16/13 10:05 AM, "Saksham Srivastava" <saksham.srivast...@citrix.com>
> wrote:
> >As Kishan pointed out on the review board , changing the category to
> >"Secure" will be a way out.
> >Secure configurations are listed whenever admin will execute
> >listConfiguration API , unlike Hidden configurations which do not get
> >listed.
> >If however the password is not encrypted, a management server restart
> >might fail whenever system.vm.random.password is set to true as CS will
> >try to decrypt system.vm.password .
> >
> >Thanks,
> >Saksham
> >
> >-----Original Message-----
> >From: Chip Childers [mailto:chip.child...@sungard.com]
> >Sent: Wednesday, January 16, 2013 8:23 PM
> >To: cloudstack-dev@incubator.apache.org
> >Cc: Saksham Srivastava; Kishan Kavala; Rajesh Battala; Chiradeep Vittal;
> >Rohit Yadav
> >Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not
> >encrypted
> >
> >Can we get an answer to Chiradeep's question below before this is
> >committed?
> >
> >On Thu, Jan 10, 2013 at 1:49 PM, Chiradeep Vittal
> ><chiradeep.vit...@citrix.com> wrote:
> >> The question around how the cloud admin can log in to the system vm
> >> without visibility into the actual password needs to be resolved. Can
> >> the UI display the unencrypted password whenever the console is viewed?
> >>
> >> On 1/10/13 4:40 AM, "Saksham Srivastava"
> >> <saksham.srivast...@citrix.com>
> >> wrote:
> >>
> >>>
> >>>-----------------------------------------------------------
> >>>This is an automatically generated e-mail. To reply, visit:
> >>>https://reviews.apache.org/r/8859/
> >>>-----------------------------------------------------------
> >>>
> >>>(Updated Jan. 10, 2013, 12:40 p.m.)
> >>>
> >>>
> >>>Review request for cloudstack and Kishan Kavala.
> >>>
> >>>
> >>>Changes
> >>>-------
> >>>
> >>>Changing the category to "Secure" instead of "Hidden" and Encrypting
> >>>the password.
> >>>
> >>>
> >>>Description
> >>>-------
> >>>
> >>>Parameter 'system.vm.password' is not encrypted. Need to encrypt it.
> >>>
> >>>
> >>>This addresses bug CLOUDSTACK-822.
> >>>
> >>>
> >>>Diffs (updated)
> >>>-----
> >>>
> >>> server/src/com/cloud/server/ConfigurationServerImpl.java b25c63f
> >>>
> >>>Diff: https://reviews.apache.org/r/8859/diff/
> >>>
> >>>
> >>>Testing
> >>>-------
> >>>
> >>>Tested Locally.
> >>>
> >>>
> >>>Thanks,
> >>>
> >>>saksham srivastava
> >>>
> >>
> >>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
