Bug 535442 (RHQ-2137)

Summary: mysql plugin show password in Resource key
Product: [Other] RHQ Project Reporter: josh2268 <jresnick>
Component: PluginsAssignee: RHQ Project Maintainer <rhq-maint>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: cwelton, jresnick, jshaughn, OEM101
Target Milestone: ---Keywords: SubBug
Target Release: ---Flags: cwelton: needinfo? (jmarques)
Hardware: All   
OS: All   
URL: http://jira.rhq-project.org/browse/RHQ-2137
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-05 17:04:58 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 565628    

Description josh2268 2009-06-09 16:29:00 EDT
I manually added a mysql database to jopr to monitor and the user name and password are displayed in clear text for anyone to see. Is there a way to hide this ? It shows up on the "Inventory" tab in "General Properties" section. 

Name: MySql [MySql]	
Type: MySql Server (MySql)	
Date Created: 6/2/09, 3:42:16 PM, EDT 
Version: none	
Date Last Modified: 6/2/09, 3:42:16 PM, EDT 
Description: Mysql relational database server	
 Resource Key: jdbc:mysql://127.0.0.1?user=mysql&password=mypass 


also see http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236129
Comment 1 Ian Springer 2009-06-09 16:50:58 EDT
I think the only things that truly need to be incorporated in the key are address, port, and DB name. So we could either use the URL without the query string portion, e.g.:

"jdbc:mysql://localhost:3306/mysql"

or we could include only the bare essentials, e.g.:

"localhost:3306:mysql"

Comments?
Comment 2 josh2268 2009-06-09 16:55:12 EDT
Not sure how everyone else would feel, but  as long as I can add a username/password without the password showing in clear text I would be happy.   However I kinda like the URL. 

thanks!
Comment 3 Ian Springer 2009-06-09 17:58:39 EDT
The question is do we want to include the username in the key too? We would need the username as part of they key if we wanted to support inventorying the same DB multiple times in JON using different usernames for each inventoried Resource. We should also check what we do in the Oracle and Postgres plugins, as it would make sense to be consistent with them.
Comment 4 josh2268 2009-06-10 10:01:06 EDT
I checked the postgres plugin and it looks like this. 

Resource Key: jdbc:postgresql://127.0.0.1:5432/postgres
Comment 5 Red Hat Bugzilla 2009-11-10 15:58:33 EST
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-2137
Comment 6 wes hayutin 2010-02-16 11:53:54 EST
Temporarily adding the keyword "SubBug" so we can be sure we have accounted for all the bugs.

keyword:
new = Tracking + FutureFeature + SubBug
Comment 7 wes hayutin 2010-02-16 11:59:06 EST
making sure we're not missing any bugs in rhq_triage
Comment 8 Heiko W. Rupp 2010-10-18 05:31:23 EDT
I've just pushed and update to the MySQL plugin by Steve Millidge 
(28ae734397d49586094f973c0db81f06fc394791).

From a quick look, it seems that this is no longer an issue.
Comment 9 josh2268 2011-01-25 12:44:30 EST
I just tested this again on RHQ 3.0.  The password is still displayed in clear text under inventory -> overview ->  "Resource Key:"

Resource Key: jdbc:mysql://127.0.0.1?user=testusr&password=****