[
https://issues.apache.org/jira/browse/QPID-6364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14312426#comment-14312426
]
ASF subversion and git services commented on QPID-6364:
-------------------------------------------------------
Commit 1658453 from [email protected] in branch 'qpid/trunk'
[ https://svn.apache.org/r1658453 ]
QPID-6364: Set Keystore/Truststore derived attribute 'path' to non-data URL.
Change the upgrader to upgrade only FileKeyStore and FileTrustStore
> [Java Broker] Keystore data url must be a secure attribute
> ----------------------------------------------------------
>
> Key: QPID-6364
> URL: https://issues.apache.org/jira/browse/QPID-6364
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Reporter: Alex Rudyy
> Assignee: Keith Wall
> Fix For: 0.31
>
>
> The contents of the java keystore are private by its nature, whilst it is
> protected by password, we shouldn't return the contents over REST, as this
> would pose a security concern.
> Refactor the FileKeystoreImpl/UI so that the contents of the keystore can be
> marked as private.
> New attribute (marked as secure) that accepts both a path or dataurl.
> Path attribute to become derived, It will populated only if it contains a
> file path (if the object is being populated from a dataurl it will be null)
> Upgrader to take care of upgrading old stores with the path attribute
> Changes to the UI. UI to continue to allow an existing path to be
> modified.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
