Bug 535442 - (RHQ-2137) mysql plugin show password in Resource key [NEEDINFO]
mysql plugin show password in Resource key
Product: RHQ Project
Classification: Other
Component: Plugins (Show other bugs)
All All
low Severity medium (vote)
: ---
: ---
Assigned To: RHQ Project Maintainer
: SubBug
Depends On:
Blocks: rhq_triage
  Show dependency treegraph
Reported: 2009-06-09 16:29 EDT by josh2268
Modified: 2014-05-05 17:04 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-05-05 17:04:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
cwelton: needinfo? (jmarques)

Attachments (Terms of Use)

  None (edit)
Description josh2268 2009-06-09 16:29:00 EDT
I manually added a mysql database to jopr to monitor and the user name and password are displayed in clear text for anyone to see. Is there a way to hide this ? It shows up on the "Inventory" tab in "General Properties" section. 

Name: MySql [MySql]	
Type: MySql Server (MySql)	
Date Created: 6/2/09, 3:42:16 PM, EDT 
Version: none	
Date Last Modified: 6/2/09, 3:42:16 PM, EDT 
Description: Mysql relational database server	
 Resource Key: jdbc:mysql:// 

also see http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236129
Comment 1 Ian Springer 2009-06-09 16:50:58 EDT
I think the only things that truly need to be incorporated in the key are address, port, and DB name. So we could either use the URL without the query string portion, e.g.:


or we could include only the bare essentials, e.g.:


Comment 2 josh2268 2009-06-09 16:55:12 EDT
Not sure how everyone else would feel, but  as long as I can add a username/password without the password showing in clear text I would be happy.   However I kinda like the URL. 

Comment 3 Ian Springer 2009-06-09 17:58:39 EDT
The question is do we want to include the username in the key too? We would need the username as part of they key if we wanted to support inventorying the same DB multiple times in JON using different usernames for each inventoried Resource. We should also check what we do in the Oracle and Postgres plugins, as it would make sense to be consistent with them.
Comment 4 josh2268 2009-06-10 10:01:06 EDT
I checked the postgres plugin and it looks like this. 

Resource Key: jdbc:postgresql://
Comment 5 Red Hat Bugzilla 2009-11-10 15:58:33 EST
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-2137
Comment 6 wes hayutin 2010-02-16 11:53:54 EST
Temporarily adding the keyword "SubBug" so we can be sure we have accounted for all the bugs.

new = Tracking + FutureFeature + SubBug
Comment 7 wes hayutin 2010-02-16 11:59:06 EST
making sure we're not missing any bugs in rhq_triage
Comment 8 Heiko W. Rupp 2010-10-18 05:31:23 EDT
I've just pushed and update to the MySQL plugin by Steve Millidge 

From a quick look, it seems that this is no longer an issue.
Comment 9 josh2268 2011-01-25 12:44:30 EST
I just tested this again on RHQ 3.0.  The password is still displayed in clear text under inventory -> overview ->  "Resource Key:"

Resource Key: jdbc:mysql://****

Note You need to log in before you can comment on or make changes to this bug.