[jira] [Commented] (ARTEMIS-551) ActiveMQ logs truststore password in plain text

Fri, 03 Jun 2016 06:59:53 -0700 

    [ 
https://issues.apache.org/jira/browse/ARTEMIS-551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15314141#comment-15314141
 ] 

ASF GitHub Bot commented on ARTEMIS-551:
----------------------------------------

GitHub user msmerek opened a pull request:

    https://github.com/apache/activemq-artemis/pull/557

    ARTEMIS-551 Obfuscate truststore password in 
TransportConfiguration.toString()

    Obfuscate truststore password in TransportConfiguration.toString() in the 
same way as keystore. The password will not be logged in plain text when bridge 
is connected.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/msmerek/activemq-artemis ARTEMIS-551

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq-artemis/pull/557.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #557
    
----
commit 33aa84f4061224fd56cd25eb562e33328bb0f55c
Author: Martin Šmérek <[email protected]>
Date:   2016-06-03T13:52:17Z

    ARTEMIS-551 Obfuscate truststore password in 
TransportConfiguration.toString()
    
    Obfuscate truststore password in TransportConfiguration.toString() in the 
same way as keystore. The password will not be logged in plain text when bridge 
is connected.

----


> ActiveMQ logs truststore password in plain text
> -----------------------------------------------
>
>                 Key: ARTEMIS-551
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-551
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 1.2.0
>            Reporter: Martin Smerek
>            Assignee: Justin Bertram
>
> ActiveMQ logs trust-store-password in plain text during bridge connection.
> 1. Configure two ActiveMQ servers for data replication over netty-ssl as 
> collocated.
> 2. Start both servers and check logs for "221027: Bridge 
> ClusterConnectionBridge... is connected" message and trust-store-password 
> parameter.
> The problem is in 
> org.apache.activemq.artemis.api.core.TransportConfiguration.toString(), 
> particularly in condition
> if (key.equals(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME) || 
> key.equals(TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD))



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to