You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Frank Gasdorf (Jira)" <ji...@apache.org> on 2021/06/01 08:17:00 UTC

[jira] [Commented] (DBCP-448) Disable password exposure via JMX.

    [ https://issues.apache.org/jira/browse/DBCP-448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17354927#comment-17354927 ] 

Frank Gasdorf commented on DBCP-448:
------------------------------------

Since JMX is used for monitoring as well in production environments, the password should not be exposed anyway. Therefor DBCP-562 fixes the issed and the password is not visiable via JMX bean anymore.

> Disable password exposure via JMX.
> ----------------------------------
>
>                 Key: DBCP-448
>                 URL: https://issues.apache.org/jira/browse/DBCP-448
>             Project: Commons DBCP
>          Issue Type: Improvement
>    Affects Versions: 2.1
>            Reporter: Michał Jedynak
>            Priority: Minor
>
> Currently there is no control over which methods are exposed as mbeans via JMX in BasicDataSource. 
> The main issue with this approach is that 'getPassword' method is also exposed which is most of the time problematic on production environments.
> It would be nice to have some control over the exposed methods to be able to disable password exposure.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)