kgiusti commented on a change in pull request #582: DISPATCH-1440 - Deprecated
passwordFile attribute in sslProfile and m…
URL: https://github.com/apache/qpid-dispatch/pull/582#discussion_r332160677
##########
File path: python/qpid_dispatch/management/qdrouter.json
##########
@@ -633,14 +633,14 @@
},
"passwordFile": {
"type": "path",
- "description": "If the above private key is password
protected, this is the absolute path to a file containing the password that
unlocks the certificate key. This file should be permission protected to limit
access",
+ "description": "(DEPRECATED) If the above private key is
password protected, this is the absolute path to the file containing the
password that unlocks the certificate key. This file should be permission
protected to limit access. This has been deprecated. Use the file: prefix in
the password field to specify the absolute path of the file containing the
password. If both password and passwordFile are provided, the passwordFile is
ignored",
+ "deprecated": true,
"create": true
},
"password": {
"type": "string",
- "description": "(DEPRECATED) An alternative to storing the
password in a file referenced by passwordFile is to supply the password right
here in the configuration file. This takes precedence over the passwordFile if
both are specified. This attribute has been deprecated because it is unsafe to
store plain text passwords in config files. Use the passwordFile instead",
- "deprecated": true,
+ "description": "Password that unlocks the certificate key.
Supports three openssl style prefixes namely - env:, file: pass:. Also supports
the legacy literal: prefix. env:var obtains the password from the environment
variable var. Since the environment of other processes is visible on certain
platforms (e.g. ps under certain Unix OSes) this option should be used with
caution. file:absolutepath obtains the password from the absolute path of the
file containing the password. This option is the safest since permissions can
be set on the file. pass:password or literal:password or password with no
prefix is used to directly specify the password and should only be used where
security is not important. If both password and passwordFile are provided, the
passwordFile is ignored",
Review comment:
I wouldn't mention openssl here - we're not exactly compatible due to
"literal:"
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
