Hi Harry,

Just a quick question: do you see any security issues that may arise from
this practice? If so, how might these be mitigated?

I'm thinking in particular of how someone might introduce a vulnerability
in JSPWiki by intercepting the startup script and setting an environment
variable to alter a behaviour.

Cheers,

Ichiro


On Tue, Mar 3, 2015 at 7:33 PM, Harry Metske (JIRA) <j...@apache.org> wrote:

>
>      [
> https://issues.apache.org/jira/browse/JSPWIKI-878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> ]
>
> Harry Metske updated JSPWIKI-878:
> ---------------------------------
>     Attachment:     (was: JSPWIKI-878.patch)
>
> > configure JSPWiki with environment variables
> > --------------------------------------------
> >
> >                 Key: JSPWIKI-878
> >                 URL: https://issues.apache.org/jira/browse/JSPWIKI-878
> >             Project: JSPWiki
> >          Issue Type: Improvement
> >          Components: Core & storage
> >    Affects Versions: 2.10.1
> >         Environment: JSPWiki 2.10.2
> >            Reporter: Harry Metske
> >            Assignee: Harry Metske
> >             Fix For: 2.10.2
> >
> >         Attachments: JSPWIKI-878.patch
> >
> >
> > It should be possible to configure JSPWiki using environment variables.
> > Currently we support the jspwiki-custom.properties, and the option to
> > override properties with Java System properties (see JSPWIKI-660).
> > It is more convenient to work with envvars than tweaking the JVM
> > arguments, at least in some environments.
> > I am currently playing around with Docker and want to have a JSPWiki
> > running in it, therefore we need envvars.
> > The patch is simple, just a few lines of code in TextUtil, I will
> > attach a patch proposal.
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>
