[ http://issues.apache.org/jira/browse/GERONIMO-1135?page=comments#action_12451052 ] Vamsavardhana Reddy commented on GERONIMO-1135: -----------------------------------------------
In server built from branches\1.1 I have examined through debugger that SystemProperties does not contain javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword. In branches\1.2 no plan xml file has javax.net.ssl.keystorePassword=... entry. (Only configs\rmi-naming\src\plan\plan.xml has an entry, but it is commented out and so it won't count.) > Keystore password in System.properties > -------------------------------------- > > Key: GERONIMO-1135 > URL: http://issues.apache.org/jira/browse/GERONIMO-1135 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 1.0-M5 > Reporter: Aaron Mulder > Priority: Critical > Fix For: 1.2 > > > If you look at the System properties, the keystore and trust store passwords > are in there. I'm not sure who puts them in there, but we need to find a way > to stop that -- or else prevent applications from reading them? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
