Red Hat Bugzilla – Bug 1019983
Password entered into installer is written to dtgov-sramp-repo-seed-cli-commands.txt in plain text
Last modified: 2014-02-06 10:29:29 EST
Description of problem:
connect http://localhost:8080/s-ramp-server admin password1#
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Being able to mask this password is dependent upon some configuration / rework of S-RAMP and DT Gov
Alas we don't have anything in place to mask this password. Instead I think the installer should:
1) make a copy of the file
2) update the copy with the admin credentials entered by the user in the installer
3) execute the copy
4) delete the copy
This will leave the original file in place in case the user ever needs to manually execute it.
The S-RAMP CLI has been updated so that if the username/password are missing from the command file, the CLI will prompt the user for the username/password. This should make executing this file manually a little bit easier.
Changes should be present in ER7. Need the full build for confirmation.
The ER7-2 installer has the following procedure implemented:
a) Create a copy of the original file with plaintext credentials
Successfully wrote /home/thauser/FSW/jboss-eap-6.1/dtgov-sramp-repo-seed-cli-commands.txtTEMP
b) Run the seeding command with this file:
Running command:[java, -Xmx1024m, -jar, bin/s-ramp-shell-0.3.1.Final-redhat-4.jar, -f, dtgov-sramp-repo-seed-cli-commands.txtTEMP]
c) Remove this file after installation.
End results: Original file contains no credentials, SRAMP seeding succeeds.
Verified in ER7-2: