Bug 536105 (RHQ-491)
Summary: | group definitions can be used to show password fields from plugin/resource config | ||
---|---|---|---|
Product: | [Other] RHQ Project | Reporter: | Charles Crouch <ccrouch> |
Component: | Resource Grouping | Assignee: | Joseph Marques <jmarques> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Jeff Weiss <jweiss> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 1.0 | CC: | dajohnso, hbrock, mschoene |
Target Milestone: | --- | Keywords: | SubBug |
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://jira.rhq-project.org/browse/RHQ-491 | ||
Whiteboard: | |||
Fixed In Version: | 1.2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 536002 |
Description
Charles Crouch
2008-05-15 21:17:00 UTC
well, i think you can get it as the admin user from any of the various pages available in the /admin/* web context if you're logged in as an admin there are two options here: 1) make the group definition creation / dynagroup manip only available to inventory managers, which would granted still allow them to do stupid things...though i question what the value of creating this type of group definition would be ; ) 2) make this illegal by preventing expression that contain properties whose type is password i'm guessing people are going to vote for option 2, but if so then are we going to somehow lock down the /admin/* pages in the same manner? I think /admin is sufficiently locked down, only "JON admin" users have access which should exclude the vast majority of users. We should investigate encrypting password properties in the DB. rev2260 - suppress private property results in dynagroup calculations; Verified that no groups are created when using the described definition. rev2561, windows/oracle This bug was previously known as http://jira.rhq-project.org/browse/RHQ-491 *** Bug 476080 has been marked as a duplicate of this bug. *** |