[ https://issues.apache.org/jira/browse/DBCP-448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984576#comment-14984576 ]
Gary Gregory commented on DBCP-448: ----------------------------------- There are some legitimate use for calling {{getPassword()}} of course. We are only talking about JMX here, so it seems to me we should have something that deals specifically with the JMX use-case. I'm not sure what the best way to do that though. If there is a property that causes {{getPassword()}} to return null, would that only be {{getPassword()}} through JMX or all callers of {{getPassword()}}? > Disable password exposure via JMX. > ---------------------------------- > > Key: DBCP-448 > URL: https://issues.apache.org/jira/browse/DBCP-448 > Project: Commons Dbcp > Issue Type: Improvement > Affects Versions: 2.1 > Reporter: MichaĆ Jedynak > Priority: Minor > > Currently there is no control over which methods are exposed as mbeans via > JMX in BasicDataSource. > The main issue with this approach is that 'getPassword' method is also > exposed which is most of the time problematic on production environments. > It would be nice to have some control over the exposed methods to be able to > disable password exposure. -- This message was sent by Atlassian JIRA (v6.3.4#6332)