Hi Kevan,
I just fixed the encryption problem when writing the password
JavaBean property to config.xml.
I am still contemplating the following ideas to restrict access to
this GBean attribute as it contains sensitive information:
* for JMX access, I believe we could wrap the MBeanServer
On Nov 13, 2007 4:40 PM, Kevan Miller [EMAIL PROTECTED] wrote:
Hi Gianny,I notice that this scheme is storing admin username and
password in clear text. It will also make the username/password accessible
via JMX. I think we need to avoid this. Would prefer to see this information
handled in a
Hi Kevan,
Sorry for my late reply and thanks for raising this security issue. I
believe that the encryption of password attributes is not enough in
this case as password in this case is an XML JavaBean attribute;
based on a cursory review of GBeanOverride, it seems that this case
is not
Hi Gianny,
I notice that this scheme is storing admin username and password in
clear text. It will also make the username/password accessible via
JMX. I think we need to avoid this. Would prefer to see this
information handled in a manner more consistent with our handling of
sensitive