[
https://issues.apache.org/jira/browse/DBCP-448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984576#comment-14984576
]
Gary Gregory commented on DBCP-448:
-----------------------------------
There are some legitimate use for calling {{getPassword()}} of course. We are
only talking about JMX here, so it seems to me we should have something that
deals specifically with the JMX use-case. I'm not sure what the best way to do
that though. If there is a property that causes {{getPassword()}} to return
null, would that only be {{getPassword()}} through JMX or all callers of
{{getPassword()}}?
> Disable password exposure via JMX.
> ----------------------------------
>
> Key: DBCP-448
> URL: https://issues.apache.org/jira/browse/DBCP-448
> Project: Commons Dbcp
> Issue Type: Improvement
> Affects Versions: 2.1
> Reporter: MichaĆ Jedynak
> Priority: Minor
>
> Currently there is no control over which methods are exposed as mbeans via
> JMX in BasicDataSource.
> The main issue with this approach is that 'getPassword' method is also
> exposed which is most of the time problematic on production environments.
> It would be nice to have some control over the exposed methods to be able to
> disable password exposure.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
