[
https://issues.apache.org/jira/browse/QPID-8667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tomas Vavricka updated QPID-8667:
---------------------------------
Fix Version/s: qpid-java-broker-9.2.0
(was: qpid-java-broker-9.1.1)
> [Broker-J] Database connection with client certificate authentication exposes
> keystore / truststore passwords
> -------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8667
> URL: https://issues.apache.org/jira/browse/QPID-8667
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Affects Versions: qpid-java-broker-9.1.0
> Reporter: Daniil Kirilyuk
> Priority: Minor
> Fix For: qpid-java-broker-9.2.0
>
>
> JDBC allows supplying datasource parameters via the JDBC connection string in
> the form:
> jdbc:<vendor>://<hostname>:<port>/<database>?key1=value1&key2=value2&key3=value3
> The relevant configuration for a virtualhost for PostgreSQL looks like the following:
> {code:java}
> {
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl":
> "jdbc:postgresql://<hostname>:<port>/<database_name>?ssl=true&sslmode=verify-full&sslkey=<path_to_ssl_key_file>&sslpassword=<ssl_key_file_password>&sslrootcert=<path_to_root_certificate>",
> "username": "QPID",
> "password": null
> } {code}
> To hide sensitive parameters like keystore / truststore passwords, the
> configuration should reference a keystore or truststore instead, providing the
> RDBMS-specific parameter names:
> {code:java}
> {
> "name" : "default",
> "type" : "JDBC",
> "connectionPoolType" : "BONECP",
> "connectionUrl" :
> "jdbc:postgresql://<hostname>:<port>/<database_name>?ssl=true&sslmode=verify-full&sslrootcert=<path_to_root_certificate>",
> "keyStore" : "keystore-database",
> "keyStorePasswordPropertyName" : "sslpassword",
> "keyStorePathPropertyName" : "sslkey",
> "trustStore" : null,
> "trustStorePasswordPropertyName" : null,
> "trustStorePathPropertyName" : null,
> "username" : "QPID"
> }{code}
> Here the keystore "keystore-database" is referenced, containing the path to the
> keystore as well as its password (which is hidden). The path to the keystore
> should be injected into the JDBC connection string using the parameter
> "keyStorePathPropertyName"; the keystore's password should be injected into the JDBC
> connection string using the parameter "keyStorePasswordPropertyName".
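The injection described in the issue, modelled as an added example (not Broker-J code): it flags secrets stored in "connectionUrl", builds the URL the driver would receive from a referenced store, and redacts it for logging. The host, file paths, secret value, the store fields "path" / "password" and the SENSITIVE_PARAMS set are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Assumption: URL parameter names treated as secrets ("sslpassword" is from the issue).
SENSITIVE_PARAMS = {"sslpassword", "password"}

def split_url(url):
    """Split a JDBC URL into its base and an ordered list of (key, value) parameters."""
    base, _, query = url.partition("?")
    return base, parse_qsl(query, keep_blank_values=True)

def exposed_params(vhost):
    """Names of sensitive parameters written in clear text into connectionUrl."""
    _, params = split_url(vhost["connectionUrl"])
    return [k for k, _ in params if k.lower() in SENSITIVE_PARAMS]

def effective_url(vhost, stores):
    """Inject path and password of each referenced store under the configured names."""
    base, params = split_url(vhost["connectionUrl"])
    for prefix in ("keyStore", "trustStore"):
        store = stores.get(vhost.get(prefix))  # None when the reference is null
        if store is None:
            continue
        params.append((vhost[prefix + "PathPropertyName"], store["path"]))
        params.append((vhost[prefix + "PasswordPropertyName"], store["password"]))
    return base + "?" + urlencode(params, safe="/")

def redact(url):
    """Mask sensitive values; the injected URL still holds the password at runtime."""
    base, params = split_url(url)
    masked = [(k, "********" if k.lower() in SENSITIVE_PARAMS else v) for k, v in params]
    return base + "?" + urlencode(masked, safe="/*")

# Constructed sample data: host, paths and secret are placeholders.
BASE = "jdbc:postgresql://db.example.internal:5432/qpid?ssl=true&sslmode=verify-full"
LEGACY = {"type": "JDBC", "connectionUrl": BASE + "&sslkey=/etc/qpid/client.pk8"
          "&sslpassword=constructed-secret&sslrootcert=/etc/qpid/root.crt"}
REFERENCED = {"type": "JDBC", "connectionUrl": BASE + "&sslrootcert=/etc/qpid/root.crt",
              "keyStore": "keystore-database",
              "keyStorePasswordPropertyName": "sslpassword",
              "keyStorePathPropertyName": "sslkey",
              "trustStore": None, "trustStorePasswordPropertyName": None,
              "trustStorePathPropertyName": None}
STORES = {"keystore-database": {"path": "/etc/qpid/client.pk8",
                                "password": "constructed-secret"}}

if __name__ == "__main__":
    print("legacy config exposes:", exposed_params(LEGACY))
    print("referenced config exposes:", exposed_params(REFERENCED))
    print("safe to log:", redact(effective_url(REFERENCED, STORES)))
```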