https://issues.apache.org/bugzilla/show_bug.cgi?id=53968
Konstantin Kolinko <knst.koli...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Konstantin Kolinko <knst.koli...@gmail.com> ---
JMX is a tool for low-level administrative access, it has to be appropriate
secured (like root on unixes). It exposes a lot, including passwords. They
might be used by tools to write out configuration files for Tomcat.
> public String getPassword() {
> return "Password not available as DataSource/JMX operation.";
> }
The above implementation (introduced in r793732 ) is, in my opinion, wrong. It
would be OK to expose the password there. I will leave the above method as is
for now, as nobody asked for it to be implemented.
(I'd be afraid of surprises such as a) some 3-rd party MBeans implementations
that blindly enumerate and expose properties of an object, b) lazy toString()
implementations, such as one fixed by bug 54599 ).
Closing as WONTFIX.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
