Posted to users@qpid.apache.org by David Stewart <da...@estafet.com> on 2019/09/30 16:43:15 UTC

Avoid plain text for saslPassword

Hi,

I am trying to avoid storing passwords in plain text, however I cannot see
how to avoid this with the qdrouter config file. Does anyone have any idea
how this can be achieved?
e.g.

connector {
    name: LocalAMQBroker
    host: localhost
    port: 5672
    role: route-container
    saslUsername: admin
    saslPassword: password
    saslMechanisms: PLAIN
}

Kind regards,
Dave Stewart

-- 

This email and any files transmitted with it are confidential and solely
for the use of the intended recipient. This message contains confidential
information and is intended only for the individual named. If you are not
the intended recipient you are notified that disclosing, copying,
distributing or taking any action in reliance on the contents of this
information is strictly prohibited. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete this e-mail
from your system.

Computer viruses can be transmitted via email. The recipient should check
this email and any attachments for the presence of viruses. Although the
company has taken reasonable precautions to ensure no viruses are present
in this email, the company cannot accept responsibility for any loss or
damage arising from the use of this email or attachments.

Any views or opinions presented in this email are solely those of the
author and do not necessarily represent those of the Estafet. Employees of
Estafet are expressly required not to make defamatory statements and not to
infringe or authorize any infringement of copyright or any other legal
right by email communications. Any such communication is contrary to
company policy. The company will not accept any liability in respect of
such communication, and the employee responsible will be personally liable
for any damages or other liability arising.

Re: Avoid plain text for saslPassword

Posted by Ganesh Murthy <gm...@redhat.com>.
On Tue, Oct 1, 2019 at 3:47 AM David Stewart <da...@estafet.com>
wrote:

> Hi Ganesh,
>
> I think that would certainly help, as the config can then be made visible
> more widely, and only access to the machine/container would facilitate
> access to the password.
>
I have entered a JIRA for this -
https://issues.apache.org/jira/browse/DISPATCH-1434
We will try to get this into the 1.10 release of Qpid Dispatch Router.

>
> Kind regards,
> Dave.
>
> On Mon, 30 Sep 2019 at 18:15, Ganesh Murthy <gm...@redhat.com> wrote:
>
> > On Mon, Sep 30, 2019 at 12:43 PM David Stewart <david.stewart@estafet.com>
> > wrote:
> >
> > > Hi,
> > >
> > > I am trying to avoid storing passwords in plain text, however I cannot see
> > > how to avoid this with the qdrouter config file. Does anyone have any idea
> > > how this can be achieved?
> > >
> > Currently you are required to put the plain text saslPassword in the config
> > file. Would it be acceptable for you if we introduced a new attribute
> > called saslPasswordFile where you can specify the full path of the file
> > containing the saslPassword? You can set permissions on that file.
> > This will be very similar to the passwordFile attribute of the sslProfile
> > entity.
> > Thanks.
> >
> > > e.g.
> > >
> > > connector {
> > >     name: LocalAMQBroker
> > >     host: localhost
> > >     port: 5672
> > >     role: route-container
> > >     saslUsername: admin
> > >     saslPassword: password
> > >     saslMechanisms: PLAIN
> > > }
> > >
> > > Kind regards,
> > > Dave Stewart

Re: Avoid plain text for saslPassword

Posted by David Stewart <da...@estafet.com>.
Hi Ganesh,

I think that would certainly help, as the config can then be made visible
more widely, and only access to the machine/container would facilitate
access to the password.

Kind regards,
Dave.

On Mon, 30 Sep 2019 at 18:15, Ganesh Murthy <gm...@redhat.com> wrote:

> On Mon, Sep 30, 2019 at 12:43 PM David Stewart <da...@estafet.com>
> wrote:
>
> > Hi,
> >
> > I am trying to avoid storing passwords in plain text, however I cannot see
> > how to avoid this with the qdrouter config file. Does anyone have any idea
> > how this can be achieved?
> >
> Currently you are required to put the plain text saslPassword in the config
> file. Would it be acceptable for you if we introduced a new attribute
> called saslPasswordFile where you can specify the full path of the file
> containing the saslPassword? You can set permissions on that file.
> This will be very similar to the passwordFile attribute of the sslProfile
> entity.
> Thanks.
>
> > e.g.
> >
> > connector {
> >     name: LocalAMQBroker
> >     host: localhost
> >     port: 5672
> >     role: route-container
> >     saslUsername: admin
> >     saslPassword: password
> >     saslMechanisms: PLAIN
> > }
> >
> > Kind regards,
> > Dave Stewart


-- 

*David Stewart*

*Senior Consultant*


*Estafet Limited*

*The Clubhouse*

*8 St. James’s Square*

*St. James’s*

*London*


*SW1Y 4JU*

*Main   +44 208 012 8599 <+44%2020%208614%207070>*

*Mobile +44 7780 114 849*

*Email david.stewart@estafet.com <an...@estafet.com>*

* www.estafet.com <http://www.estafet.com/>    *

* Registered at: Companies House, Cardiff. Company Number: 4444147*

*Registered Office: 8 The Printworks, Dunstable Road, Richmond, Surrey TW9
1RR*


Re: Avoid plain text for saslPassword

Posted by Ganesh Murthy <gm...@redhat.com>.
On Mon, Sep 30, 2019 at 12:43 PM David Stewart <da...@estafet.com>
wrote:

> Hi,
>
> I am trying to avoid storing passwords in plain text, however I cannot see
> how to avoid this with the qdrouter config file. Does anyone have any idea
> how this can be achieved?
>
Currently you are required to put the plain text saslPassword in the config
file. Would it be acceptable for you if we introduced a new attribute
called saslPasswordFile where you can specify the full path of the file
containing the saslPassword? You can set permissions on that file.
This will be very similar to the passwordFile attribute of the sslProfile
entity.
Thanks.

> e.g.
>
> connector {
>     name: LocalAMQBroker
>     host: localhost
>     port: 5672
>     role: route-container
>     saslUsername: admin
>     saslPassword: password
>     saslMechanisms: PLAIN
> }
>
> Kind regards,
> Dave Stewart
>
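
An audit check for the approach discussed in this thread, as an added example that is not part of the original messages or of Qpid Dispatch Router's own code: it parses qdrouterd-style `entity { key: value }` blocks, reports connectors that carry an inline saslPassword, and checks that a file named by saslPasswordFile is not accessible to group or other. saslPasswordFile is the attribute proposed above (assumed here, not confirmed as released), and the function names are hypothetical.

```python
import os
import re
import stat

# Matches one "entity { ... }" block of a qdrouterd-style config file.
BLOCK_RE = re.compile(r"(\w+)\s*\{([^}]*)\}")


def parse_entities(text):
    """Return a list of (entity_type, attributes) parsed from config text."""
    entities = []
    for kind, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            if ":" in line:
                key, value = line.split(":", 1)
                attrs[key.strip()] = value.strip()
        entities.append((kind, attrs))
    return entities


def audit_config(text):
    """Return findings about how each entity supplies its SASL password."""
    findings = []
    for kind, attrs in parse_entities(text):
        name = attrs.get("name", "<unnamed>")
        if "saslPassword" in attrs:
            findings.append(f"{kind} {name}: inline saslPassword in config file")
        # saslPasswordFile is the attribute proposed in the thread (assumption).
        path = attrs.get("saslPasswordFile")
        if path is None:
            continue
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError as exc:
            findings.append(f"{kind} {name}: cannot stat {path}: {exc.strerror}")
            continue
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{kind} {name}: {path} mode {mode:o} is group/other accessible")
    return findings


if __name__ == "__main__":
    # Constructed sample based on the connector in the original post.
    sample = "connector {\n    name: LocalAMQBroker\n    saslPassword: password\n}"
    print(audit_config(sample))
```

Moving the password to a separate file only helps if that file is readable solely by the account the router runs as, which is what the mode check enforces.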