You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "John Sisson (JIRA)" <de...@geronimo.apache.org> on 2005/07/16 02:39:13 UTC
[jira] Created: (GERONIMO-766) Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
-------------------------------------------------------------------------------------
Key: GERONIMO-766
URL: http://issues.apache.org/jira/browse/GERONIMO-766
Project: Geronimo
Type: Improvement
Components: deployment
Versions: 1.0-M4
Reporter: John Sisson
Priority: Minor
Currently if someone specifies a userid and password on the command line to the deploy tool, it could be visible to other UNIX users via ps commands.
Should we enable the user to point the deployer to a properties file stored in a secured location) that contains the userid and password? That would be more secure for cases where the tool is being called by scripts and the userid/password prompting is not desired.
Our documentation should also remind users about this security issue.
See mail dev list thread "Deploy tool and user and password security"
http://marc.theaimsgroup.com/?t=112140739500001&r=1&w=2
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Closed: (GERONIMO-766) Provide a more secure way for UNIX
scripts to pass userid and password to deploy tool
Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-766?page=all ]
Aaron Mulder closed GERONIMO-766.
---------------------------------
Fix Version/s: 1.0
(was: 1.2)
Resolution: Fixed
Can use "login" command to the deployer to save credentials and then call the tool from a script.
> Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
> -------------------------------------------------------------------------------------
>
> Key: GERONIMO-766
> URL: http://issues.apache.org/jira/browse/GERONIMO-766
> Project: Geronimo
> Issue Type: Improvement
> Components: deployment
> Affects Versions: 1.0-M4, 1.0-M5
> Reporter: John Sisson
> Assigned To: John Sisson
> Priority: Minor
> Fix For: 1.0
>
>
> Currently if someone specifies a userid and password on the command line to the deploy tool, it could be visible to other UNIX users via ps commands.
> Should we enable the user to point the deployer to a properties file stored in a secured location) that contains the userid and password? That would be more secure for cases where the tool is being called by scripts and the userid/password prompting is not desired.
> Our documentation should also remind users about this security issue.
> See mail dev list thread "Deploy tool and user and password security"
> http://marc.theaimsgroup.com/?t=112140739500001&r=1&w=2
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-766) Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
Posted by "John Sisson (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-766?page=all ]
John Sisson updated GERONIMO-766:
---------------------------------
Fix Version: 1.0-M5
Version: 1.0-M5
Assign To: John Sisson
> Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
> -------------------------------------------------------------------------------------
>
> Key: GERONIMO-766
> URL: http://issues.apache.org/jira/browse/GERONIMO-766
> Project: Geronimo
> Type: Improvement
> Components: deployment
> Versions: 1.0-M4, 1.0-M5
> Reporter: John Sisson
> Assignee: John Sisson
> Priority: Minor
> Fix For: 1.0-M5
>
> Currently if someone specifies a userid and password on the command line to the deploy tool, it could be visible to other UNIX users via ps commands.
> Should we enable the user to point the deployer to a properties file stored in a secured location) that contains the userid and password? That would be more secure for cases where the tool is being called by scripts and the userid/password prompting is not desired.
> Our documentation should also remind users about this security issue.
> See mail dev list thread "Deploy tool and user and password security"
> http://marc.theaimsgroup.com/?t=112140739500001&r=1&w=2
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-766) Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
Posted by "David Blevins (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-766?page=all ]
David Blevins updated GERONIMO-766:
-----------------------------------
Fix Version: 1.0
(was: 1.0-M5)
> Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
> -------------------------------------------------------------------------------------
>
> Key: GERONIMO-766
> URL: http://issues.apache.org/jira/browse/GERONIMO-766
> Project: Geronimo
> Type: Improvement
> Components: deployment
> Versions: 1.0-M4, 1.0-M5
> Reporter: John Sisson
> Assignee: John Sisson
> Priority: Minor
> Fix For: 1.0
>
> Currently if someone specifies a userid and password on the command line to the deploy tool, it could be visible to other UNIX users via ps commands.
> Should we enable the user to point the deployer to a properties file stored in a secured location) that contains the userid and password? That would be more secure for cases where the tool is being called by scripts and the userid/password prompting is not desired.
> Our documentation should also remind users about this security issue.
> See mail dev list thread "Deploy tool and user and password security"
> http://marc.theaimsgroup.com/?t=112140739500001&r=1&w=2
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-766) Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
Posted by "John Sisson (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-766?page=all ]
John Sisson updated GERONIMO-766:
---------------------------------
Fix Version: 1.1
(was: 1.0)
> Provide a more secure way for UNIX scripts to pass userid and password to deploy tool
> -------------------------------------------------------------------------------------
>
> Key: GERONIMO-766
> URL: http://issues.apache.org/jira/browse/GERONIMO-766
> Project: Geronimo
> Type: Improvement
> Components: deployment
> Versions: 1.0-M4, 1.0-M5
> Reporter: John Sisson
> Assignee: John Sisson
> Priority: Minor
> Fix For: 1.1
>
> Currently if someone specifies a userid and password on the command line to the deploy tool, it could be visible to other UNIX users via ps commands.
> Should we enable the user to point the deployer to a properties file stored in a secured location) that contains the userid and password? That would be more secure for cases where the tool is being called by scripts and the userid/password prompting is not desired.
> Our documentation should also remind users about this security issue.
> See mail dev list thread "Deploy tool and user and password security"
> http://marc.theaimsgroup.com/?t=112140739500001&r=1&w=2
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira