Bug 1141181 - rhq.autoinstall.server.admin.password should not be in clear text in console
Summary: rhq.autoinstall.server.admin.password should not be in clear text in console
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Operations Network
Classification: JBoss
Component: Installer
Version: JON 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ER04
: JON 3.3.0
Assignee: John Mazzitelli
QA Contact: Jeeva Kandasamy
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1129413
Reported: 2014-09-12 11:50 UTC by Jeeva Kandasamy
Modified: 2014-12-11 14:02 UTC (History)
Last Closed: 2014-12-11 14:02:59 UTC



Description Jeeva Kandasamy 2014-09-12 11:50:48 UTC
Description of problem:
A fresh JON installation asks for rhq.autoinstall.server.admin.password on the console. The password is visible while typing, and it is also confirmed in clear text on the console, although it is stored in encrypted format in rhq-server.properties.

----------
[hudson@jeeva-ha3-jxc bin]$ ./rhqctl install
06:58:16,537 INFO  [org.jboss.modules] JBoss Modules version 1.3.3.Final-redhat-1

The [rhq.autoinstall.server.admin.password] property is required but not set in [rhq-server.properties].
Do you want to set [rhq.autoinstall.server.admin.password] value now?
yes|no: yes
rhq.autoinstall.server.admin.password: rhqadmin
Is [rhqadmin] correct?
yes|no:
----------

Version-Release number of selected component (if applicable):
JBoss Operations Network
Version : 3.3.0.ER02
Build Number : 4fbb183:7da54e2
GWT Version : 2.5.0
SmartGWT Version : 3.0p

How reproducible:
always

Steps to Reproduce:
1. leave blank 'rhq.autoinstall.server.admin.password' in rhq-server.properties file
2. execute './rhqctl'

Comment 1 Juraci Paixão Kröhling 2014-09-17 15:19:25 UTC
Jeeva, this is actually working as designed: the password is typed into the installer's console, which doesn't keep a history. So, unless there's some aspect that I'm missing, I'd suggest closing this as "not a bug".

Comment 2 Jeeva Kandasamy 2014-09-18 05:56:45 UTC
In JBoss, when adding a password (e.g. a user password) via the console, it is not visible. What I feel is that it would be good if 'JBoss ON' also had a similar approach, as it is in the JBoss family.

Comment 4 John Mazzitelli 2014-09-18 17:54:04 UTC
I'm going to try to fix this.

Comment 5 John Mazzitelli 2014-09-18 20:53:29 UTC
commit 07151ddb23e6065d5a72ae900b1cbf420b00e27c
Author: John Mazzitelli <mazz@redhat.com>
Date:   Thu Sep 18 16:51:51 2014 -0400

    BZ 1141181 1129413 - don't echo passwords to the console. ask to confirm passwords

Comment 6 John Mazzitelli 2014-09-18 20:55:37 UTC
commit b5b0e2d18e33b921f4bf57454179efd1707f1a9f
Author: John Mazzitelli <mazz@redhat.com>
Date:   Thu Sep 18 16:51:51 2014 -0400

    BZ 1141181 1129413 - don't echo passwords to the console. ask to confirm passwords
    (cherry picked from commit 07151ddb23e6065d5a72ae900b1cbf420b00e27c)

Comment 7 Simeon Pinder 2014-10-01 21:33:25 UTC
Moving to ON_QA as available for test with build:
https://brewweb.devel.redhat.com/buildinfo?buildID=388959

Comment 8 Jeeva Kandasamy 2014-10-07 11:34:54 UTC
Version:
Version : 3.3.0.ER04
Build Number : 99d2107:d7c537e
GWT Version : 2.5.0
SmartGWT Version : 3.0p

Password is invisible as expected. But if we enter a different password and confirm password, it should report an error message. BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1150064
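
The behaviour described in the commit message above (no echo, ask to confirm the password), together with the mismatch error requested in comment 8, as an added example that is not the RHQ installer's own code. The class `PasswordPrompt`, the method `promptForPassword` and the retry limit of 3 are assumptions made for illustration.

```java
import java.io.Console;
import java.util.Arrays;

public class PasswordPrompt {

    /** Prompts twice without echo; returns the password only when both entries match. */
    static char[] promptForPassword(Console console, String propertyName, int maxAttempts) {
        if (console == null) {
            // No interactive terminal (e.g. piped stdin): refuse rather than fall
            // back to a plain reader, which would echo the secret.
            throw new IllegalStateException("No console available; set " + propertyName
                + " in the properties file instead");
        }
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            // Console.readPassword disables terminal echo while the user types.
            char[] first = console.readPassword("%s: ", propertyName);
            char[] second = console.readPassword("Confirm %s: ", propertyName);
            try {
                if (first == null || second == null) { // end of input reached
                    throw new IllegalStateException("Input closed before a password was entered");
                }
                if (first.length == 0) {
                    console.printf("The password must not be empty.%n");
                } else if (Arrays.equals(first, second)) {
                    return first.clone(); // caller is responsible for wiping this copy
                } else {
                    // Report the mismatch without printing either value.
                    console.printf("The two entries do not match, try again.%n");
                }
            } finally {
                // Wipe the working copies so they do not linger on the heap.
                if (first != null) Arrays.fill(first, '\0');
                if (second != null) Arrays.fill(second, '\0');
            }
        }
        throw new IllegalStateException("Too many failed attempts for " + propertyName);
    }

    public static void main(String[] args) {
        char[] password = promptForPassword(System.console(),
            "rhq.autoinstall.server.admin.password", 3);
        try {
            // Confirm success without repeating the value back to the terminal.
            System.out.println("Password accepted.");
        } finally {
            Arrays.fill(password, '\0');
        }
    }
}
```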

