I don't see a security issue. If someone is able to intercept the startup script or manipulate envvars, then you already have a security issue.

Kind regards,
Harry

On 3 Mar 2015 08:29, "Ichiro Furusato" <ichiro.furus...@gmail.com> wrote:

> Hi Harry,
>
> Just a quick question: do you see any security issues that may arise by
> this practice? If so, how might these be mitigated?
>
> I'm thinking in particular of how someone might introduce a vulnerability
> in JSPWiki by intercepting the startup script and setting an environment
> variable to alter a behaviour.
>
> Cheers,
>
> Ichiro
>
> On Tue, Mar 3, 2015 at 7:33 PM, Harry Metske (JIRA) <j...@apache.org> wrote:
>
> > [ https://issues.apache.org/jira/browse/JSPWIKI-878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
> >
> > Harry Metske updated JSPWIKI-878:
> > ---------------------------------
> >     Attachment:     (was: JSPWIKI-878.patch)
> >
> > > configure JSPWiki with environment variables
> > > --------------------------------------------
> > >
> > >                 Key: JSPWIKI-878
> > >                 URL: https://issues.apache.org/jira/browse/JSPWIKI-878
> > >             Project: JSPWiki
> > >          Issue Type: Improvement
> > >          Components: Core & storage
> > >    Affects Versions: 2.10.1
> > >         Environment: JSPWiki 2.10.2
> > >            Reporter: Harry Metske
> > >            Assignee: Harry Metske
> > >             Fix For: 2.10.2
> > >
> > >         Attachments: JSPWIKI-878.patch
> > >
> > >
> > > It should be possible to configure JSPWiki using environment variables.
> > > Currently we support the jspwiki-custom.properties, and the option to override properties with Java System properties (see JSPWIKI-660).
> > > It is more convenient to work with envvars than tweaking the JVM arguments, at least in some environments.
> > > I am currently playing around with Docker and want to have a JSPWiki running in it, therefore we need envvars.
> > > The patch is simple, just a few lines of code in TextUtil, I will attach a patch proposal.
> >
> > --
> > This message was sent by Atlassian JIRA
> > (v6.3.4#6332)