[
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=398074&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-398074
]
ASF GitHub Bot logged work on DBCP-562:
---------------------------------------
Author: ASF GitHub Bot
Created on: 05/Mar/20 02:14
Start Date: 05/Mar/20 02:14
Worklog Time Spent: 10m
Work Description: garydgregory commented on issue #38: [DBCP-562] avoids
exposing password via JMX
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-594991633
Well, since we cannot get rid of the method within a major release, we need
to workaround that by perhaps making it return always null but only when
publishing an implementation as a JMX object, which might mean creating a
wrapper class that delegates all methods except getPassword().
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 398074)
Time Spent: 40m (was: 0.5h)
> Password should not be exposed via JMXBean
> ------------------------------------------
>
> Key: DBCP-562
> URL: https://issues.apache.org/jira/browse/DBCP-562
> Project: Commons DBCP
> Issue Type: Bug
> Affects Versions: 2.5.0, 2.7.0
> Reporter: Frank Gasdorf
> Priority: Critical
> Labels: security
> Time Spent: 40m
> Remaining Estimate: 0h
>
> if a BasicDataSource is created with jmxName set, password property is
> exposed/exported via jmx and is visible for everybody who is connected to jmx
> port.
>
> Expectation : Do not export it via BasicDataSourceMXBean Interface
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
