Improper encryption/obfuscation of passwords in configuration files
-------------------------------------------------------------------
Key: GERONIMO-5980
URL: https://issues.apache.org/jira/browse/GERONIMO-5980
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Reporter: Kevan Miller
Several users have reported problems starting Geronimo. The cause seems to be
improperly encrypted passwords. Plain text passwords will be
encrypted/obfuscated in configuration files. A very good hypothesis posed by
Michael Peterson is that the problem occurs if you try to start Geronimo with
an improperly configured JAVA_HOMEStarting Geronimo without a JAVA_HOME
configured may cause passwords to be improperly encrypted. They may end up
encrypted as {Simple}null
>From an email:
{quote}
On May 25, 2011, at 9:56 PM, michael.peterson wrote:
Ok...I think I see what was happening.
When I first installed and tried to run "geronimo.sh run" I didn't
have JAVA_HOME set. it failed with a bunch of messages. Then I
realized that problem and set JAVA_HOME...but it looks like that time
the property files have already been rewritten and the install
corrupted. I didn't realize it was happening at the time of
course...but since the new install was working I tried to redo the
step to get to that broken state. The only way I could achieve that
was to remove the JAVA_HOME and try and run geronimo.
Does that make sense to you?
{quote}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
