Server admin password is written in plain text
----------------------------------------------
Key: GERONIMODEVTOOLS-732
URL: https://issues.apache.org/jira/browse/GERONIMODEVTOOLS-732
Project: Geronimo-Devtools
Issue Type: Bug
Components: eclipse-plugin
Affects Versions: 3.0_M1
Environment: Windows XP, Eclipse 3.6.2 + Geronimo 3.0 server adapter
Reporter: Troy Bishop
I was looking at the persisted form of the Apache Geronimo server within
Eclipse (found in
workspace\.metadata\.plugins\org.eclipse.wst.server.core\servers.xml) and I saw
that the admin password is written in plain text, i.e.
<server cloudIsEnabled="false" hostname="localhost"
        id="Apache Geronimo v3.0 Server at localhost"
        inPlaceSharedLib="false" karafShell="false"
        name="Apache Geronimo v3.0 Server at localhost"
        runFromWorkspace="false" runtime-id="Apache Geronimo v3.0"
        selectClasspathContainers="false"
        server-type="org.apache.geronimo.server.30"
        server-type-id="org.apache.geronimo.server.30"
        start-timeout="240" stop-timeout="30" timestamp="7">
  <map RMIRegistry="1099" WebConnector="8080" adminID="system"
       adminPassword="manager" cleanOSGiBundleCache="false"
       key="geronimo_server_instance_properties" logLevel="--long"
       maxPings="40" pingDelay="10000" pingInterval="5000"
       publishTimeout="900000"/>
</server>
I think that password should be encrypted when it is persisted to disk.
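A workspace audit for the condition this report describes, as an added example that is not part of the original report or of the Geronimo Eclipse plugin: it parses servers.xml content and lists every non-empty attribute whose name contains "password", without echoing the value. The function names, the enclosing `<servers>` root element and the second sample entry are assumptions; the sample XML is constructed from the attributes quoted in the report.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the servers.xml layout quoted in the report
# (attributes trimmed; the enclosing <servers> root is an assumption).
SAMPLE = """<servers>
  <server hostname="localhost" id="Apache Geronimo v3.0 Server at localhost"
          server-type="org.apache.geronimo.server.30">
    <map RMIRegistry="1099" WebConnector="8080" adminID="system"
         adminPassword="manager" key="geronimo_server_instance_properties"/>
  </server>
  <server hostname="localhost" id="constructed entry without credentials"
          server-type="example.server.type">
    <map key="example_properties" logLevel="--long"/>
  </server>
</servers>"""


def find_stored_passwords(xml_text):
    """Return one finding per non-empty attribute whose name contains 'password'."""
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also matches the root, so a lone <server> document works too.
    for server in root.iter("server"):
        for elem in server.iter():
            for name, value in elem.attrib.items():
                if "password" in name.lower() and value:
                    findings.append({
                        "server": server.get("id"),
                        "element": elem.tag,
                        "attribute": name,
                        "account": elem.get("adminID"),
                        "length": len(value),  # report size only, never the secret
                    })
    return findings


def format_finding(f):
    """Render a finding for a report with the password value redacted."""
    return "{server}: <{element} {attribute}=...> ({length} chars, account {account})".format(**f)


if __name__ == "__main__":
    for finding in find_stored_passwords(SAMPLE):
        print(format_finding(finding))
```

To check a real workspace, pass the text of workspace\.metadata\.plugins\org.eclipse.wst.server.core\servers.xml to `find_stored_passwords`.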