Help Desk Ticket Reference: https://c.na7.visual.force.com/apex/Case_View?id=500A0000005fqbn&sfdc.override=1

securitylevel_name: Public

Currently the drools client API accesses Guvnor by credentials declared as plain-text in change-set.xml or property files. This is a security problem for many companies. It is very important to develop a mechanism to obfuscate the password.
Link: Added: This issue related JBRULES-2856
GSS prioritizes 'medium'. Customer is watching issue, but there is not an urgent need.
It is important to get this addressed soon. However not mandatory for BRMS 5.2 release.
As we discussed by e-mail, the only solution for this is to use a keystore to store the crypto key so that it is managed by the JVM. We can do that, but my feeling is that customers will simply not use it, as keystores are annoying for the users to configure (see what happened with kbase signing feature). If this was requested by a customer, we will do it. Otherwise, if it is an internal request, I don't think it will be worth the time spent on it.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents: The drools client API accesses JBoss BRMS by credentials declared as plain-text in change-set.xml or property files. A request has been made to develop a mechanism to obfuscate the password.
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.