On Mon, Aug 19, 2013 at 10:52 AM, Gary Gregory <[email protected]> wrote:

> On Mon, Aug 19, 2013 at 10:34 AM, Ralph Goers <[email protected]> wrote:
>
>> I'm not sure how this applies to what you are suggesting, but we should
>> avoid passwords being in clear text in the configuration. I would suggest
>> using a standard plugin interface similar to what I did with the secret key
>> provider in the Flume Appender.
>
> We should at the least offer something like
> http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords

So perhaps we need a boolean password attribute on PluginElement and PluginAttribute

Gary

>
> Gary
>
>>
>> Ralph
>>
>> On Aug 19, 2013, at 7:29 AM, Gary Gregory <[email protected]> wrote:
>>
>> On Mon, Aug 19, 2013 at 10:25 AM, Paul Benedict <[email protected]> wrote:
>>
>>> Do you need the password ever after authentication?
>>
>> I guess it depends on whether the code handles re-auth in case of a
>> disconnect.
>>
>> Gary
>>
>>> On Mon, Aug 19, 2013 at 8:55 AM, Gary Gregory <[email protected]> wrote:
>>>
>>>> On Mon, Aug 19, 2013 at 7:27 AM, Ralph Goers <[email protected]> wrote:
>>>>
>>>>> What passwords?
>>>>
>>>> For example:
>>>>
>>>> - org.apache.logging.log4j.core.net.SMTPManager.FactoryData.password
>>>> - org.apache.logging.log4j.core.net.JMSTopicManager.password
>>>> - org.apache.logging.log4j.core.net.JMSQueueManager.FactoryData.password
>>>>
>>>> Gary
>>>>
>>>>> Ralph
>>>>>
>>>>> On Aug 19, 2013, at 4:22 AM, Gary Gregory <[email protected]> wrote:
>>>>>
>>>>> I've seen it done many places: Should we track passwords internally as
>>>>> char[] instead of String for ivars?
>>>>>
>>>>> This prevents Log4j spilling your secrets by accident in a toString to
>>>>> internal log call.
>>>>>
>>>>> Gary
>>>>>
>>>>> --
>>>>> E-Mail: [email protected] | [email protected]
>>>>> Java Persistence with Hibernate, Second Edition <http://www.manning.com/bauer3/>
>>>>> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
>>>>> Spring Batch in Action <http://www.manning.com/templier/>
>>>>> Blog: http://garygregory.wordpress.com
>>>>> Home: http://garygregory.com/
>>>>> Tweet! http://twitter.com/GaryGregory
>>>
>>> --
>>> Cheers,
>>> Paul
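
The char[] idea raised at the start of the thread, as an added example (not code from the thread or from Log4j; `SmtpFactoryData` and its methods are hypothetical names). The password is held in a wipeable char[], toString() masks it, and clearing it is only safe when no re-auth after a disconnect is needed.

```java
import java.util.Arrays;

// Hypothetical holder modelled on the FactoryData classes named in the thread.
public final class SmtpFactoryData {
    private final String host;
    private final String username;
    private char[] password; // char[] so it can be wiped; a String cannot be

    public SmtpFactoryData(String host, String username, char[] password) {
        this.host = host;
        this.username = username;
        // Defensive copy: the caller can zero its own array right away.
        this.password = password == null ? null : password.clone();
    }

    /** Returns a copy for the authentication call; the caller wipes it after use. */
    public char[] copyPassword() {
        if (password == null) {
            throw new IllegalStateException("password already cleared");
        }
        return password.clone();
    }

    /** Zeroes the stored password. Call only if no re-auth on reconnect is needed. */
    public void clearPassword() {
        if (password != null) {
            Arrays.fill(password, '\0');
            password = null;
        }
    }

    // Never includes the password, so logging this object cannot leak it.
    @Override
    public String toString() {
        return "SmtpFactoryData[host=" + host + ", username=" + username
                + ", password=" + (password == null ? "<cleared>" : "*****") + "]";
    }

    public static void main(String[] args) {
        char[] secret = {'s', '3', 'c', 'r', 'e', 't'}; // constructed sample value
        SmtpFactoryData data = new SmtpFactoryData("mail.example.org", "logger", secret);
        Arrays.fill(secret, '\0');              // caller's copy wiped immediately
        System.out.println("config: " + data);  // masked by toString()
        char[] forAuth = data.copyPassword();   // would be passed to the auth call
        Arrays.fill(forAuth, '\0');
        data.clearPassword();                   // skip this if re-auth is required
        System.out.println("config: " + data);
    }
}
```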
