Great work, Jon! Glad you found a solution that works for you.
On Tue, Dec 3, 2019 at 3:43 PM randygalbraith <[email protected]>
wrote:
> Hi Jon,
>
> You make mention of this, but probably good to emphasize this point... The
> code I posted is proof-of-concept work and it contains a rather glaring
> security issue. That is:
>
> System.err.println("definition=["+definition+"]");
>
> dumps the plaintext password to stderr, which in my case is
> logs/catalina.out. The real production code will look different and of
> course I'll need to determine what might wind up as exception toString()
> output, so as to avoid leaking a password in that way.
>
> I'm fairly confident in our password store. However, as you mentioned,
> visibility into the process space of the JVM could reveal the plaintext of
> the password.
>
> Cheers, -Randy
>
> --
> Sent from:
> http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
>
--
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/
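
Added example, not part of the thread and not Randy's code: one way to keep the password out of logs/catalina.out while still logging the definition, plus a holder type whose toString() cannot leak into exception messages. It assumes the definition is Java-properties text and that secret-bearing keys contain "password", "passwd" or "secret"; the class name, key list and sample values are hypothetical.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import java.util.TreeMap;

public class DefinitionRedactor {
    // Assumption: key fragments that mark a value as secret; adjust to the real definition.
    private static final Set<String> SECRET_KEYS = Set.of("password", "passwd", "secret");

    /** Returns a log-safe rendering of a properties-style definition. */
    static String redact(String definition) {
        Properties props = new Properties();
        try {
            props.load(new StringReader(definition));
        } catch (IOException | IllegalArgumentException e) {
            // Unparseable input: log nothing from it rather than risk echoing the secret.
            return "<unparseable definition>";
        }
        TreeMap<String, String> safe = new TreeMap<>(); // sorted for stable log output
        for (String key : props.stringPropertyNames()) {
            String lower = key.toLowerCase(Locale.ROOT);
            boolean secret = SECRET_KEYS.stream().anyMatch(lower::contains);
            safe.put(key, secret ? "****" : props.getProperty(key));
        }
        return safe.toString();
    }

    /** Holder whose toString() never exposes the value, so string
     *  concatenation and exception messages stay clean. */
    static final class Secret {
        private final char[] value;
        Secret(char[] value) { this.value = value.clone(); }
        char[] reveal() { return value.clone(); } // call only where the plaintext is needed
        @Override public String toString() { return "Secret[****]"; }
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from the thread.
        String definition = "JdbcUrl=jdbc:hsqldb:mem:demo\nUserName=app\nPassword=s3cr3t-constructed\n";
        System.err.println("definition=[" + redact(definition) + "]");
        Secret pw = new Secret("s3cr3t-constructed".toCharArray());
        System.err.println(new IllegalStateException("connect failed for " + pw).getMessage());
    }
}
```

The masking is key-based, so a password embedded inside another value (for example in a JDBC URL query string) is not caught and needs its own handling.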