[ https://issues.apache.org/jira/browse/QPID-8667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17811866#comment-17811866 ]
ASF subversion and git services commented on QPID-8667:
-------------------------------------------------------
Commit cb51d8d31efe24198190264b1bbde7923252810a in qpid-broker-j's branch
refs/heads/main from Daniil Kirilyuk
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=cb51d8d31e ]
QPID-8667: [Broker-J] Database connection with client certificate
authentication exposes keystore / truststore passwords (#236)
> [Broker-J] Database connection with client certificate authentication exposes
> keystore / truststore passwords
> -------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8667
> URL: https://issues.apache.org/jira/browse/QPID-8667
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Affects Versions: qpid-java-broker-9.1.0
> Reporter: Daniil Kirilyuk
> Priority: Minor
> Fix For: qpid-java-broker-9.1.1
>
>
> JDBC allows supplying datasource parameters via the JDBC connection string in
> the form:
> jdbc:<vendor>://<hostname>:<port>/<database>?key1=value1&key2=value2&key3=value3
> The relevant configuration of a virtualhost for PostgreSQL looks like the following:
> {code:java}
> {
>   "type" : "JDBC",
>   "connectionPoolType" : "BONECP",
>   "connectionUrl" : "jdbc:postgresql://<hostname>:<port>/<database_name>?ssl=true&sslmode=verify-full&sslkey=<path_to_ssl_key_file>&sslpassword=<ssl_key_file_password>&sslrootcert=<path_to_root_certificate>",
>   "username" : "QPID",
>   "password" : null
> }
> {code}
> To hide sensitive parameters like keystore / truststore passwords, the
> configuration should reference a keystore or truststore instead of providing the
> RDBMS-specific parameter names:
> {code:java}
> {
>   "name" : "default",
>   "type" : "JDBC",
>   "connectionPoolType" : "BONECP",
>   "connectionUrl" : "jdbc:postgresql://<hostname>:<port>/<database_name>?ssl=true&sslmode=verify-full&sslrootcert=<path_to_root_certificate>",
>   "keyStore" : "keystore-database",
>   "keyStorePasswordPropertyName" : "sslpassword",
>   "keyStorePathPropertyName" : "sslkey",
>   "trustStore" : null,
>   "trustStorePasswordPropertyName" : null,
>   "trustStorePathPropertyName" : null,
>   "username" : "QPID"
> }
> {code}
> Here the keystore "keystore-database" is referenced, which contains the path to
> the keystore as well as its password (which is hidden). The path to the keystore
> should be injected into the JDBC connection string using the parameter
> "keyStorePathPropertyName", and the keystore's password should be injected into
> the JDBC connection string using the parameter "keyStorePasswordPropertyName".
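
The two configurations quoted above can be compared with a small check. This is an added example, not code from Broker-J or from the commit: it flags a stored connectionUrl that carries sslpassword, builds the connect-time URL from a referenced store, and masks the secret before the URL is logged. The sample values, the STORES mapping, all function names and the append-to-query-string behaviour are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample data: the issue's placeholders replaced with made-up values.
BASE = "jdbc:postgresql://db.example.org:5432/qpid?ssl=true&sslmode=verify-full"
BEFORE = {"connectionUrl": BASE + "&sslkey=/etc/qpid/db.pk8&sslpassword=s3cr3t"}
AFTER = {"connectionUrl": BASE, "keyStore": "keystore-database",
         "keyStorePathPropertyName": "sslkey",
         "keyStorePasswordPropertyName": "sslpassword",
         "trustStore": None, "trustStorePathPropertyName": None,
         "trustStorePasswordPropertyName": None}
# Hypothetical stand-in for the broker's keystore objects (path plus hidden password).
STORES = {"keystore-database": {"path": "/etc/qpid/db.pk8", "password": "s3cr3t"}}
SECRET_PARAMS = {"sslpassword"}  # PostgreSQL name used in the issue; extend per driver


def query_params(jdbc_url):
    """Split the ?key=value&... part of a JDBC URL into (key, value) pairs."""
    return parse_qsl(jdbc_url.partition("?")[2], keep_blank_values=True)


def secrets_in_stored_url(config):
    """Audit check: secret-bearing parameter names written into connectionUrl."""
    return [k for k, _ in query_params(config["connectionUrl"]) if k in SECRET_PARAMS]


def effective_url(config, stores):
    """Append path/password parameters from the referenced stores at connect time."""
    url, extra = config["connectionUrl"], []
    for kind in ("keyStore", "trustStore"):
        store = stores.get(config.get(kind))
        if store is None:
            continue  # no store referenced (null in the configuration)
        for field in ("path", "password"):
            name = config.get(f"{kind}{field.capitalize()}PropertyName")
            if name:
                extra.append((name, store[field]))
    if not extra:
        return url
    return url + ("&" if "?" in url else "?") + urlencode(extra, safe="/")


def redact(jdbc_url, secret_names):
    """Mask secret values so the connect-time URL can be written to a log."""
    base = jdbc_url.partition("?")[0]
    pairs = [(k, "********" if k in secret_names else v) for k, v in query_params(jdbc_url)]
    return base + "?" + urlencode(pairs, safe="/*") if pairs else base
```

The connect-time URL still contains the password, so anything that logs or reports it should go through a step like `redact`.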