You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Kevan Miller (JIRA)" <ji...@apache.org> on 2011/05/26 05:17:47 UTC
[jira] [Created] (GERONIMO-5980) Improper encryption/obfuscation of
passwords in configuration files
Improper encryption/obfuscation of passwords in configuration files
-------------------------------------------------------------------
Key: GERONIMO-5980
URL: https://issues.apache.org/jira/browse/GERONIMO-5980
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Reporter: Kevan Miller
Several users have reported problems starting Geronimo. The cause seems to be improperly encrypted passwords. Plain text passwords will be encrypted/obfuscated in configuration files. A very good hypothesis posed by Michael Peterson is that the problem occurs if you try to start Geronimo with an improperly configured JAVA_HOMEStarting Geronimo without a JAVA_HOME configured may cause passwords to be improperly encrypted. They may end up encrypted as {Simple}null
>From an email:
{quote}
On May 25, 2011, at 9:56 PM, michael.peterson wrote:
Ok...I think I see what was happening.
When I first installed and tried to run "geronimo.sh run" I didn't
have JAVA_HOME set. it failed with a bunch of messages. Then I
realized that problem and set JAVA_HOME...but it looks like that time
the property files have already been rewritten and the install
corrupted. I didn't realize it was happening at the time of
course...but since the new install was working I tried to redo the
step to get to that broken state. The only way I could achieve that
was to remove the JAVA_HOME and try and run geronimo.
Does that make sense to you?
{quote}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira