[jira] [Commented] (FINERACT-1653) Security Threat Cannot boot Apache Fineract if database is not on local host and password is not the default

Wed, 31 Aug 2022 11:39:17 -0700 


    [ 
https://issues.apache.org/jira/browse/FINERACT-1653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17598558#comment-17598558
 ] 

Francis Guchie commented on FINERACT-1653:
------------------------------------------

[~aleks]  Yes i agree with you it is not a security threat for other versions 
1.5 and below 

> Security Threat Cannot boot Apache Fineract if database is not on local host 
> and password is not the default
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: FINERACT-1653
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1653
>             Project: Apache Fineract
>          Issue Type: Bug
>    Affects Versions: 1.7.0
>            Reporter: Francis Guchie
>            Assignee: Francis Guchie
>            Priority: Major
>             Fix For: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0
>
>
> As a user, i would like to setup apache fineract in a live production where 
> the database server is separate from the ui server with a different root 
> password from usual. 
> In the latest release, 1.7.0, there is a pre-compiled jar by the names of 
> fineract-provider-1.5.1-0d5bace3-plain.jar which is used during boot up of 
> Apache-Fineract. 
> As such, the user gets an error shown below ( amongst others )
> Error creating bean with name '(inner bean)#10ee8a73':
> Cannot resolve reference to bean 'entityManagerFactory' while setting 
> constructor argument; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'tenantDatabaseUpgradeService' defined in URL 
> [jar:file:{*}/usr/share/tomcat9/webapps/fineract-provider/WEB-INF/lib/fineract-provider-1.5.1-0d5bace3-plain.jar{*}!
> /org/apache/fineract/infrastructure/core/service/migration/TenantDatabaseUpgradeService.class]:
>  Unsatisfied dependency expressed through constructor parameter 0; 
> nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'jdbcTenantDetailsService' 
> defined in URL 
> [jar:file:/{*}usr/share/tomcat9/webapps/fineract-provider/WEB-INF/lib/fineract-provider-1.5.1-0d5bace3-plain.jar!{*}
> this means users will not be able to deploy Mifos without using the default 
> root password and if they have the database and ui on different servers. 
> IN release 1.6.0, tomcat deployment users had the opportunity to edit the 
> following files after a first boot up when the war file is deployed (
> *......webapps/fineract-provider/WEB-INF/classes/META-INF/spring/jdbc.properties*
> *.....webapps/fineract-provider/WEB-INF/classes/META-INF/spring/hikariDataSource.xml*
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to