[ https://issues.apache.org/jira/browse/GERONIMO-4927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks updated GERONIMO-4927: ----------------------------------- Affects Version/s: (was: 2.2.1) 2.2 2.1.5 Fix Version/s: (was: 2.2) 2.2.1 tomcat ssl should be using one of out keystore gbeans so it doesn't need to know about the password at all. Not gonna happen for 2.2 anyway... > keystorePass attribute on TomcatWebSSLConnector GBean should be > encrypted/obscured > ---------------------------------------------------------------------------------- > > Key: GERONIMO-4927 > URL: https://issues.apache.org/jira/browse/GERONIMO-4927 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Affects Versions: 2.1.5, 2.2 > Reporter: Kevan Miller > Fix For: 2.1.5, 2.2.1, 3.0 > > > keystorePass does not conform to the current convention for > encrypting/obscuring GBean attributes. Currently, attribute names with > 'password' will be encrypted. > We should either recognize keystorePass as an attribute requiring encryption > or add a new keystorePassword attribute and start using that (with some > appropriate migration logic, if a 'keystorePass' is configured). I guess I > prefer the latter option. Other opinions? -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.