You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org> on 2006/11/18 19:41:37 UTC

[jira] Commented: (GERONIMO-1135) Keystore password in System.properties

    [ http://issues.apache.org/jira/browse/GERONIMO-1135?page=comments#action_12451052 ] 
            
Vamsavardhana Reddy commented on GERONIMO-1135:
-----------------------------------------------

In server built from branches\1.1 I have examined through debugger that SystemProperties does not contain javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword.

In branches\1.2 no plan xml file has javax.net.ssl.keystorePassword=... entry.  (Only configs\rmi-naming\src\plan\plan.xml has an entry, but it is commented out and so it won't count.)

> Keystore password in System.properties
> --------------------------------------
>
>                 Key: GERONIMO-1135
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-1135
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.0-M5
>            Reporter: Aaron Mulder
>            Priority: Critical
>             Fix For: 1.2
>
>
> If you look at the System properties, the keystore and trust store passwords are in there.  I'm not sure who puts them in there, but we need to find a way to stop that -- or else prevent applications from reading them?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira