Hi Kevan,
I just fixed the encryption problem when writing the password
JavaBean property to config.xml.
I am still contemplating the following ideas to restrict access to
this GBean attribute as it contains sensitive information:
* for JMX access, I believe we could wrap the MBeanServer used under
the cover of our JMXConnectorServer with an MBeanServerForwarder
restricting access to sensitive information based on the client
subject and the targeted GBean types, names, attributes et cetera.
This way administrators will be able to provide finer grained access
to the GBeans within a Geronimo instance.
* for in-server access, I am really not sure how to proceed. It seems
to me that application developers could deploy malicious applications
to Geronimo and obtain through them sensitive information. For
instance, I could deploy an application searching for a ClusterInfo
GBean or a specific connector GBean in order to gain access to JMX
credentials and database credentials (I assume there is a connector
GBean storing this information in-memory in order to create physical
database connections) respectively.
Any ideas on how to proceed?
Thanks,
Gianny
On 15/11/2007, at 7:43 AM, Gianny Damour wrote:
Hi Kevan,
Sorry for my late reply and thanks for raising this security issue.
I believe that the encryption of password attributes is not enough
in this case as password in this case is an XML JavaBean attribute;
based on a cursory review of GBeanOverride, it seems that this case
is not yet handled.
I will fix this problem tonight or in the next couple of days.
Thanks,
Gianny
On 15/11/2007, at 6:54 AM, Kevan Miller wrote:
On Nov 13, 2007 4:40 PM, Kevan Miller <[EMAIL PROTECTED]> wrote:
Hi Gianny,
I notice that this scheme is storing "admin" username and password
in clear text. It will also make the username/password accessible
via JMX. I think we need to avoid this. Would prefer to see this
information handled in a manner more consistent with our handling
of sensitive information in var/security. Would you agree?
David Jencks reminded me that 'password' properties in config.xml
will be encrypted.
--kevan
