Red Hat Bugzilla – Full Text Bug Listing
|Summary:||mysql plugin show password in Resource key|
|Product:||[Other] RHQ Project||Reporter:||josh2268 <jresnick>|
|Component:||Plugins||Assignee:||RHQ Project Maintainer <rhq-maint>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Version:||unspecified||CC:||cwelton, jresnick, jshaughn, OEM101|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2014-05-05 17:04:58 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description josh2268 2009-06-09 16:29:00 EDT
I manually added a mysql database to jopr to monitor and the user name and password are displayed in clear text for anyone to see. Is there a way to hide this ? It shows up on the "Inventory" tab in "General Properties" section. Name: MySql [MySql] Type: MySql Server (MySql) Date Created: 6/2/09, 3:42:16 PM, EDT Version: none Date Last Modified: 6/2/09, 3:42:16 PM, EDT Description: Mysql relational database server Resource Key: jdbc:mysql://127.0.0.1?user=mysql&password=mypass also see http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236129
Comment 1 Ian Springer 2009-06-09 16:50:58 EDT
I think the only things that truly need to be incorporated in the key are address, port, and DB name. So we could either use the URL without the query string portion, e.g.: "jdbc:mysql://localhost:3306/mysql" or we could include only the bare essentials, e.g.: "localhost:3306:mysql" Comments?
Comment 2 josh2268 2009-06-09 16:55:12 EDT
Not sure how everyone else would feel, but as long as I can add a username/password without the password showing in clear text I would be happy. However I kinda like the URL. thanks!
Comment 3 Ian Springer 2009-06-09 17:58:39 EDT
The question is do we want to include the username in the key too? We would need the username as part of they key if we wanted to support inventorying the same DB multiple times in JON using different usernames for each inventoried Resource. We should also check what we do in the Oracle and Postgres plugins, as it would make sense to be consistent with them.
Comment 4 josh2268 2009-06-10 10:01:06 EDT
I checked the postgres plugin and it looks like this. Resource Key: jdbc:postgresql://127.0.0.1:5432/postgres
Comment 5 Red Hat Bugzilla 2009-11-10 15:58:33 EST
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-2137
Comment 6 wes hayutin 2010-02-16 11:53:54 EST
Temporarily adding the keyword "SubBug" so we can be sure we have accounted for all the bugs. keyword: new = Tracking + FutureFeature + SubBug
Comment 7 wes hayutin 2010-02-16 11:59:06 EST
making sure we're not missing any bugs in rhq_triage
Comment 8 Heiko W. Rupp 2010-10-18 05:31:23 EDT
I've just pushed and update to the MySQL plugin by Steve Millidge (28ae734397d49586094f973c0db81f06fc394791). From a quick look, it seems that this is no longer an issue.
Comment 9 josh2268 2011-01-25 12:44:30 EST
I just tested this again on RHQ 3.0. The password is still displayed in clear text under inventory -> overview -> "Resource Key:" Resource Key: jdbc:mysql://127.0.0.1?user=testusr&password=****