535442 – (RHQ-2137) mysql plugin show password in Resource key

Bug 535442 (RHQ-2137) - mysql plugin show password in Resource key

Summary: mysql plugin show password in Resource key

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	RHQ-2137
Product:	RHQ Project
Classification:	Other
Component:	Plugins
Sub Component:
Version:	unspecified
Hardware:	All
OS:	All
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	RHQ Project Maintainer
QA Contact:
Docs Contact:
URL:	http://jira.rhq-project.org/browse/RH...
Whiteboard:
Depends On:
Blocks:	rhq_triage
TreeView+	depends on / blocked

Reported:	2009-06-09 20:29 UTC by josh2268
Modified:	2023-09-14 01:18 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-05-05 21:04:58 UTC
Embargoed:

Attachments	(Terms of Use)

Description josh2268 2009-06-09 20:29:00 UTC

I manually added a mysql database to jopr to monitor and the user name and password are displayed in clear text for anyone to see. Is there a way to hide this ? It shows up on the "Inventory" tab in "General Properties" section. 

Name: MySql [MySql]	
Type: MySql Server (MySql)	
Date Created: 6/2/09, 3:42:16 PM, EDT 
Version: none	
Date Last Modified: 6/2/09, 3:42:16 PM, EDT 
Description: Mysql relational database server	
 Resource Key: jdbc:mysql://127.0.0.1?user=mysql&password=mypass 


also see http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236129

Comment 1 Ian Springer 2009-06-09 20:50:58 UTC

I think the only things that truly need to be incorporated in the key are address, port, and DB name. So we could either use the URL without the query string portion, e.g.:

"jdbc:mysql://localhost:3306/mysql"

or we could include only the bare essentials, e.g.:

"localhost:3306:mysql"

Comments?

Comment 2 josh2268 2009-06-09 20:55:12 UTC

Not sure how everyone else would feel, but  as long as I can add a username/password without the password showing in clear text I would be happy.   However I kinda like the URL. 

thanks!

Comment 3 Ian Springer 2009-06-09 21:58:39 UTC

The question is do we want to include the username in the key too? We would need the username as part of they key if we wanted to support inventorying the same DB multiple times in JON using different usernames for each inventoried Resource. We should also check what we do in the Oracle and Postgres plugins, as it would make sense to be consistent with them.

Comment 4 josh2268 2009-06-10 14:01:06 UTC

I checked the postgres plugin and it looks like this. 

Resource Key: jdbc:postgresql://127.0.0.1:5432/postgres

Comment 5 Red Hat Bugzilla 2009-11-10 20:58:33 UTC

This bug was previously known as http://jira.rhq-project.org/browse/RHQ-2137

Comment 6 wes hayutin 2010-02-16 16:53:54 UTC

Temporarily adding the keyword "SubBug" so we can be sure we have accounted for all the bugs.

keyword:
new = Tracking + FutureFeature + SubBug

Comment 7 wes hayutin 2010-02-16 16:59:06 UTC

making sure we're not missing any bugs in rhq_triage

Comment 8 Heiko W. Rupp 2010-10-18 09:31:23 UTC

I've just pushed and update to the MySQL plugin by Steve Millidge 
(28ae734397d49586094f973c0db81f06fc394791).

From a quick look, it seems that this is no longer an issue.

Comment 9 josh2268 2011-01-25 17:44:30 UTC

I just tested this again on RHQ 3.0.  The password is still displayed in clear text under inventory -> overview ->  "Resource Key:"

Resource Key: jdbc:mysql://127.0.0.1?user=testusr&password=****

Comment 10 Red Hat Bugzilla 2023-09-14 01:18:43 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

Note You need to log in before you can comment on or make changes to this bug.