[jira] [Work logged] (ARTEMIS-6037) Refactor handling of cluster credentials

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/ARTEMIS-6037?focusedWorklogId=1019837&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1019837
 ]

ASF GitHub Bot logged work on ARTEMIS-6037:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/May/26 13:31
            Start Date: 12/May/26 13:31
    Worklog Time Spent: 10m 
      Work Description: clebertsuconic commented on code in PR #6436:
URL: https://github.com/apache/artemis/pull/6436#discussion_r3226777642


##########
artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/Create.java:
##########
@@ -451,7 +451,7 @@ protected void setClusterPassword(String clusterPassword) {
 
    protected String getClusterPassword() {
       if (clusterPassword == null) {
-         clusterPassword = inputPassword("--cluster-password", "What is the 
cluster password?", "password-admin");
+         clusterPassword = inputPassword("--cluster-password", "What is the 
cluster password?", ActiveMQDefaultConfiguration.getDefaultClusterPassword());

Review Comment:
   I would remove the default argument on inputPassword, and throw an exception 
if not passed, and while in silent..
   
   I have a branch with this suggestion:
   
   https://github.com/clebertsuconic/artemis/tree/ARTEMIS-6037





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1019837)
    Time Spent: 2h 40m  (was: 2.5h)

> Refactor handling of cluster credentials
> ----------------------------------------
>
>                 Key: ARTEMIS-6037
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-6037
>             Project: Artemis
>          Issue Type: Task
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 2h 40m
>  Remaining Estimate: 0h
>
> To strengthen broker security out-of-the-box we should reject any connection 
> using the default cluster credentials. We already force users to explicitly 
> select a custom username and password when a non-clustered broker instance is 
> created. Additionally, we force them to explicitly select custom cluster 
> credentials when creating a clustered broker instance. However, there are 
> still default values for cluster credentials that we should categorically 
> reject.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@artemis.apache.org
For additional commands, e-mail: issues-h...@artemis.apache.org