You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary Gregory (JIRA)" <ji...@apache.org> on 2015/11/01 23:36:27 UTC
[jira] [Commented] (DBCP-448) Disable password exposure via JMX.
[ https://issues.apache.org/jira/browse/DBCP-448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984576#comment-14984576 ]
Gary Gregory commented on DBCP-448:
-----------------------------------
There are some legitimate use for calling {{getPassword()}} of course. We are only talking about JMX here, so it seems to me we should have something that deals specifically with the JMX use-case. I'm not sure what the best way to do that though. If there is a property that causes {{getPassword()}} to return null, would that only be {{getPassword()}} through JMX or all callers of {{getPassword()}}?
> Disable password exposure via JMX.
> ----------------------------------
>
> Key: DBCP-448
> URL: https://issues.apache.org/jira/browse/DBCP-448
> Project: Commons Dbcp
> Issue Type: Improvement
> Affects Versions: 2.1
> Reporter: MichaĆ Jedynak
> Priority: Minor
>
> Currently there is no control over which methods are exposed as mbeans via JMX in BasicDataSource.
> The main issue with this approach is that 'getPassword' method is also exposed which is most of the time problematic on production environments.
> It would be nice to have some control over the exposed methods to be able to disable password exposure.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)