Red Hat Bugzilla – Bug 535442
mysql plugin show password in Resource key
Last modified: 2014-05-05 17:04:58 EDT
I manually added a mysql database to jopr to monitor and the user name and password are displayed in clear text for anyone to see. Is there a way to hide this ? It shows up on the "Inventory" tab in "General Properties" section.
Name: MySql [MySql]
Type: MySql Server (MySql)
Date Created: 6/2/09, 3:42:16 PM, EDT
Date Last Modified: 6/2/09, 3:42:16 PM, EDT
Description: Mysql relational database server
Resource Key: jdbc:mysql://127.0.0.1?user=mysql&password=mypass
also see http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236129
I think the only things that truly need to be incorporated in the key are address, port, and DB name. So we could either use the URL without the query string portion, e.g.:
or we could include only the bare essentials, e.g.:
Not sure how everyone else would feel, but as long as I can add a username/password without the password showing in clear text I would be happy. However I kinda like the URL.
The question is do we want to include the username in the key too? We would need the username as part of they key if we wanted to support inventorying the same DB multiple times in JON using different usernames for each inventoried Resource. We should also check what we do in the Oracle and Postgres plugins, as it would make sense to be consistent with them.
I checked the postgres plugin and it looks like this.
Resource Key: jdbc:postgresql://127.0.0.1:5432/postgres
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-2137
Temporarily adding the keyword "SubBug" so we can be sure we have accounted for all the bugs.
new = Tracking + FutureFeature + SubBug
making sure we're not missing any bugs in rhq_triage
I've just pushed and update to the MySQL plugin by Steve Millidge
From a quick look, it seems that this is no longer an issue.
I just tested this again on RHQ 3.0. The password is still displayed in clear text under inventory -> overview -> "Resource Key:"
Resource Key: jdbc:mysql://127.0.0.1?user=testusr&password=****