[ http://issues.apache.org/jira/browse/GERONIMO-1135?page=comments#action_12357889 ]
Kevan Miller commented on GERONIMO-1135: ---------------------------------------- Matt, the "properties" are properties as in java.lang.System.getProperties(). Encryption isn't really the issue. At present, any deployed app could retrieve these password properties. It's very easy to keep these passwords out of the System properties. You can pass these properties in directly to the Factories, rather than setting them as properties. I'll try to have a look at this later today... > Keystore password in System.properties > -------------------------------------- > > Key: GERONIMO-1135 > URL: http://issues.apache.org/jira/browse/GERONIMO-1135 > Project: Geronimo > Type: Bug > Components: security > Versions: 1.0-M5 > Reporter: Aaron Mulder > Priority: Critical > Fix For: 1.1 > > If you look at the System properties, the keystore and trust store passwords > are in there. I'm not sure who puts them in there, but we need to find a way > to stop that -- or else prevent applications from reading them? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
