[
https://issues.apache.org/jira/browse/QPID-6506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-6506:
-----------------------------
Affects Version/s: 0.8 0.32
> PropertiesFileInitialContextFactory pollutes system properties with values
> that may contain passwords
> -----------------------------------------------------------------------------------------------------
>
> Key: QPID-6506
> URL: https://issues.apache.org/jira/browse/QPID-6506
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Affects Versions: 0.8, 0.32
> Reporter: Keith Wall
> Priority: Minor
>
> The current implementation of PropertiesFileInitialContextFactory sets each
> property key encountered in the properties file as a system property
> (providing a system property with the same name does not already exist).
> It is not uncommon for applications or frameworks to log all system
> properties to aid diagnostics. If such an application were to include the
> Qpid client, such logging may include connection urls and thus may include
> passwords in the clear too.
> It seems difficult to justify why the PropertiesFileInitialContextFactory
> should behave in this way. To me, it does not obviously support a end user
> use-case. The commit comment goes back six years and seems to include a
> change made to help testing.
> Change PropertiesFileInitialContextFactory so that it no longer alters the
> system properties.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
