[
https://issues.apache.org/jira/browse/FELIX-6570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17616433#comment-17616433
]
Christoph Läubrich commented on FELIX-6570:
-------------------------------------------
At least for DS the speci is quite clear:
{code:java}
Bundles performing service registrations on behalf of other bundles (e.g. OSGi
Declarative Services) should propagate all public configuration properties and
not propagate private configuration properties. {code}
So regardless of Webconsole can/should hide that (what would not be bad
anyways!) one should still consider publishing passwords as public properties
to everyone that is able to query services (while configurations are usually
bound to one bundle).
> Components webconsole-plugin shows password in clear text
> ---------------------------------------------------------
>
> Key: FELIX-6570
> URL: https://issues.apache.org/jira/browse/FELIX-6570
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Affects Versions: webconsole-ds-plugin-2.1.0
> Reporter: Sagar Miglani
> Priority: Major
> Attachments: Screenshot 2022-05-09 at 4.48.42 PM.png,
> webconsole-plugins.patch
>
>
> Open a component details page (eg:
> localhost:8080/system/console/components/${componentId}) for a component with
> a Password Property.
> Passwords are shown in clear text. [^Screenshot 2022-05-09 at 4.48.42 PM.png]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
