You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Ashish Jain (JIRA)" <ji...@apache.org> on 2010/06/24 11:24:49 UTC

[jira] Created: (GERONIMO-5401) Geronimo encrypts empty passwords

Geronimo encrypts empty passwords
---------------------------------

                 Key: GERONIMO-5401
                 URL: https://issues.apache.org/jira/browse/GERONIMO-5401
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: databases
    Affects Versions: 2.1.5
         Environment: Geronimo tomcat assembly.
            Reporter: Ashish Jain
            Assignee: Ashish Jain
             Fix For: 2.1.7


This can be observed as follows
1) Create a test db pool with empty passwords. I had used derby embedded xa.
2) Deploy it.
3) Check the config.ser. You can see a password string encrypted with {Simple} or {Configured}.

The same behavior can be seen for SystemDatasource.

This behavior is misleading.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (GERONIMO-5401) Geronimo encrypts empty passwords

Posted by "Rex Wang (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-5401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rex Wang resolved GERONIMO-5401.
--------------------------------

    Resolution: Fixed

> Geronimo encrypts empty passwords
> ---------------------------------
>
>                 Key: GERONIMO-5401
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5401
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: databases
>    Affects Versions: 2.1.5
>         Environment: Geronimo tomcat assembly.
>            Reporter: Ashish Jain
>            Assignee: Ashish Jain
>             Fix For: 2.1.7, 2.2.1, 3.0
>
>
> This can be observed as follows
> 1) Create a test db pool with empty passwords. I had used derby embedded xa.
> 2) Deploy it.
> 3) Check the config.ser. You can see a password string encrypted with {Simple} or {Configured}.
> The same behavior can be seen for SystemDatasource.
> This behavior is misleading.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-5401) Geronimo encrypts empty passwords

Posted by "Rex Wang (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-5401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rex Wang closed GERONIMO-5401.
------------------------------


closing it

> Geronimo encrypts empty passwords
> ---------------------------------
>
>                 Key: GERONIMO-5401
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5401
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: databases
>    Affects Versions: 2.1.5
>         Environment: Geronimo tomcat assembly.
>            Reporter: Ashish Jain
>            Assignee: Ashish Jain
>             Fix For: 2.1.7, 2.2.1, 3.0
>
>
> This can be observed as follows
> 1) Create a test db pool with empty passwords. I had used derby embedded xa.
> 2) Deploy it.
> 3) Check the config.ser. You can see a password string encrypted with {Simple} or {Configured}.
> The same behavior can be seen for SystemDatasource.
> This behavior is misleading.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (GERONIMO-5401) Geronimo encrypts empty passwords

Posted by "Rex Wang (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-5401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rex Wang updated GERONIMO-5401:
-------------------------------

    Fix Version/s: 3.0
                   2.2.1

> Geronimo encrypts empty passwords
> ---------------------------------
>
>                 Key: GERONIMO-5401
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5401
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: databases
>    Affects Versions: 2.1.5
>         Environment: Geronimo tomcat assembly.
>            Reporter: Ashish Jain
>            Assignee: Ashish Jain
>             Fix For: 2.1.7, 2.2.1, 3.0
>
>
> This can be observed as follows
> 1) Create a test db pool with empty passwords. I had used derby embedded xa.
> 2) Deploy it.
> 3) Check the config.ser. You can see a password string encrypted with {Simple} or {Configured}.
> The same behavior can be seen for SystemDatasource.
> This behavior is misleading.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-5401) Geronimo encrypts empty passwords

Posted by "Ashish Jain (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-5401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12882102#action_12882102 ] 

Ashish Jain commented on GERONIMO-5401:
---------------------------------------

applied to 2.1 branch At revision: 957469  


> Geronimo encrypts empty passwords
> ---------------------------------
>
>                 Key: GERONIMO-5401
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5401
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: databases
>    Affects Versions: 2.1.5
>         Environment: Geronimo tomcat assembly.
>            Reporter: Ashish Jain
>            Assignee: Ashish Jain
>             Fix For: 2.1.7
>
>
> This can be observed as follows
> 1) Create a test db pool with empty passwords. I had used derby embedded xa.
> 2) Deploy it.
> 3) Check the config.ser. You can see a password string encrypted with {Simple} or {Configured}.
> The same behavior can be seen for SystemDatasource.
> This behavior is misleading.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-5401) Geronimo encrypts empty passwords

Posted by "Rex Wang (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-5401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12920834#action_12920834 ] 

Rex Wang commented on GERONIMO-5401:
------------------------------------

fix for 22 @ revision 1022362
fix for 30 @ revision 1022363

-Rex

> Geronimo encrypts empty passwords
> ---------------------------------
>
>                 Key: GERONIMO-5401
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5401
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: databases
>    Affects Versions: 2.1.5
>         Environment: Geronimo tomcat assembly.
>            Reporter: Ashish Jain
>            Assignee: Ashish Jain
>             Fix For: 2.1.7, 2.2.1, 3.0
>
>
> This can be observed as follows
> 1) Create a test db pool with empty passwords. I had used derby embedded xa.
> 2) Deploy it.
> 3) Check the config.ser. You can see a password string encrypted with {Simple} or {Configured}.
> The same behavior can be seen for SystemDatasource.
> This behavior is misleading.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.