1141181 – rhq.autoinstall.server.admin.password should not be in clear text in console

Bug 1141181 - rhq.autoinstall.server.admin.password should not be in clear text in console

Summary: rhq.autoinstall.server.admin.password should not be in clear text in console

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Operations Network
Classification:	JBoss
Component:	Installer
Sub Component:
Version:	JON 3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	ER04
Target Release:	JON 3.3.0
Assignee:	John Mazzitelli
QA Contact:	Jeeva Kandasamy
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1129413
TreeView+	depends on / blocked

Reported:	2014-09-12 11:50 UTC by Jeeva Kandasamy
Modified:	2014-12-11 14:02 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-12-11 14:02:59 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Jeeva Kandasamy 2014-09-12 11:50:48 UTC

Description of problem:
Fresh JON installation asks rhq.autoinstall.server.admin.password on console. Password is visible while typing as well it confirming with clear text on console. Which is stored in encrypted format in rhq-server.properties

----------
[hudson@jeeva-ha3-jxc bin]$ ./rhqctl install
06:58:16,537 INFO  [org.jboss.modules] JBoss Modules version 1.3.3.Final-redhat-1

The [rhq.autoinstall.server.admin.password] property is required but not set in [rhq-server.properties].
Do you want to set [rhq.autoinstall.server.admin.password] value now?
yes|no: yes
rhq.autoinstall.server.admin.password: rhqadmin
Is [rhqadmin] correct?
yes|no:
----------

Version-Release number of selected component (if applicable):
JBoss Operations Network
Version : 3.3.0.ER02
Build Number : 4fbb183:7da54e2
GWT Version : 2.5.0
SmartGWT Version : 3.0p

How reproducible:
always

Steps to Reproduce:
1. leave blank 'rhq.autoinstall.server.admin.password' in rhq-server.properties file
2. execute './rhqctl'

Comment 1 Juraci Paixão Kröhling 2014-09-17 15:19:25 UTC

Jeeva, this is actually working as designed: the password is typed into the installer's console, which doesn't keeps a history. So, unless there's some aspect that I'm missing, I'd suggest to close this as "not a bug".

Comment 2 Jeeva Kandasamy 2014-09-18 05:56:45 UTC

In JBoss while adding password (ex: user password) via console it is not visible. What I feel is, it will be good if 'JBoss ON' also have similar approach as it's in JBoss family.

Comment 4 John Mazzitelli 2014-09-18 17:54:04 UTC

I'm going to try to fix this.

Comment 5 John Mazzitelli 2014-09-18 20:53:29 UTC

commit 07151ddb23e6065d5a72ae900b1cbf420b00e27c
Author: John Mazzitelli <mazz>
Date:   Thu Sep 18 16:51:51 2014 -0400

    BZ 1141181 1129413 - don't echo passwords to the console. ask to confirm passwords

Comment 6 John Mazzitelli 2014-09-18 20:55:37 UTC

commit b5b0e2d18e33b921f4bf57454179efd1707f1a9f
Author: John Mazzitelli <mazz>
Date:   Thu Sep 18 16:51:51 2014 -0400

    BZ 1141181 1129413 - don't echo passwords to the console. ask to confirm passwords
    (cherry picked from commit 07151ddb23e6065d5a72ae900b1cbf420b00e27c)

Comment 7 Simeon Pinder 2014-10-01 21:33:25 UTC

Moving to ON_QA as available for test with build:
https://brewweb.devel.redhat.com/buildinfo?buildID=388959

Comment 8 Jeeva Kandasamy 2014-10-07 11:34:54 UTC

Version:
Version : 3.3.0.ER04
Build Number : 99d2107:d7c537e
GWT Version : 2.5.0
SmartGWT Version : 3.0p

Password invisible as expected. but if we enter different password and confirm password should report error message BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1150064

Note You need to log in before you can comment on or make changes to this bug.