Hi Jon,
You make mention of this, but probably good to emphasize this point... The
code I posted is proof-of-concept work and it contains a rather glaring
security issue. That is:
System.err.println("definition=["+definition+"]");
dumps the plaintext password to stderr, which in my case is
logs/catalina.out. The real production code will look different and of
course I'll need to determine what might wind up as exception toString()
output, so as to avoid leaking a password in that way.
I'm fairly confident in our password store. However, as you mentioned,
visibility into the process space of the JVM could reveal the plaintext of
the password.
Cheers, -Randy
--
Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
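One way to keep a definition string's password out of both log lines and exception messages, as an added example that is not part of the post above or of TomEE itself (the definition format, the `RedactedDefinition` class and the sample value are assumptions for illustration):

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class RedactedDefinition {
    // Hypothetical: a "key=value;" definition string containing a Password entry,
    // the kind of value the post's debug println dumped to catalina.out.
    private static final Pattern PASSWORD_KV =
        Pattern.compile("(?i)(password\\s*=\\s*)([^;\\s]+)");

    private final String raw;

    public RedactedDefinition(String raw) {
        this.raw = raw;
    }

    /** The raw value, only for the code that actually needs the credential. */
    public String raw() {
        return raw;
    }

    /** The definition with every password value masked. */
    public String redacted() {
        Matcher m = PASSWORD_KV.matcher(raw);
        return m.replaceAll("$1[REDACTED]");
    }

    /** toString never exposes the secret, so "" + def in a log or message is safe. */
    @Override
    public String toString() {
        return "definition=[" + redacted() + "]";
    }

    /**
     * Wraps a failure with the redacted definition. The cause is kept for
     * stack traces; its own message must still be checked separately, since a
     * driver or parser may echo the original string back in it.
     */
    public static IllegalStateException failure(RedactedDefinition def, Throwable cause) {
        return new IllegalStateException("could not apply " + def, cause);
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real credential.
        RedactedDefinition def = new RedactedDefinition(
            "JdbcUrl=jdbc:hsqldb:mem:demo;UserName=sa;Password=s3cr3t;");
        System.err.println(def); // definition=[JdbcUrl=...;UserName=sa;Password=[REDACTED];]
        System.err.println(failure(def, new RuntimeException("boom")).getMessage());
    }
}
```

The same masking should be applied to any `toString()` of objects that hold the definition, since a logging framework or an uncaught-exception handler will call it without asking.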