https://issues.apache.org/bugzilla/show_bug.cgi?id=53968
Konstantin Kolinko <knst.koli...@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #1 from Konstantin Kolinko <knst.koli...@gmail.com> --- JMX is a tool for low-level administrative access, it has to be appropriate secured (like root on unixes). It exposes a lot, including passwords. They might be used by tools to write out configuration files for Tomcat. > public String getPassword() { > return "Password not available as DataSource/JMX operation."; > } The above implementation (introduced in r793732 ) is, in my opinion, wrong. It would be OK to expose the password there. I will leave the above method as is for now, as nobody asked for it to be implemented. (I'd be afraid of surprises such as a) some 3-rd party MBeans implementations that blindly enumerate and expose properties of an object, b) lazy toString() implementations, such as one fixed by bug 54599 ). Closing as WONTFIX. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org