I kinda think we might want to keep the empty SystemProperties gbean
to make it more obvious where to set them in config.xml. If we do
this we should include an empty override in config.xml. What do
others think?
thanks
david jencks
On Dec 7, 2006, at 11:21 AM, Vamsavardhana Reddy (JIRA) wrote:
[ http://issues.apache.org/jira/browse/GERONIMO-1135?page=all ]
Vamsavardhana Reddy closed GERONIMO-1135.
-----------------------------------------
Resolution: Fixed
Removing the keystore related system properties did not seem to
break anything. Removed "SystemProperties" GBean definition
altogether from the plan since there are no properties to set.
Fixed in rev 483612.
Keystore password in System.properties
--------------------------------------
Key: GERONIMO-1135
URL: http://issues.apache.org/jira/browse/
GERONIMO-1135
Project: Geronimo
Issue Type: Bug
Security Level: public(Regular issues)
Components: security
Affects Versions: 1.0-M5
Reporter: Aaron Mulder
Assigned To: Vamsavardhana Reddy
Priority: Critical
Fix For: 1.2, 2.0-M1
If you look at the System properties, the keystore and trust store
passwords are in there. I'm not sure who puts them in there, but
we need to find a way to stop that -- or else prevent applications
from reading them?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the
administrators: http://issues.apache.org/jira/secure/
Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/
software/jira
