Bug 991557 - Username and password in clear text in S-RAMP and DTGov properties files
Username and password in clear text in S-RAMP and DTGov properties files
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Configuration (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity urgent
: ER7
: 6.0.0
Assigned To: Julian Coleman
Jiri Sedlacek
:
: 1018747 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-02 13:47 EDT by Len DiMaggio
Modified: 2015-08-02 19:44 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Len DiMaggio 2013-08-02 13:47:59 EDT
Description of problem:

The file is:

cat  sramp.properties
#sramp.config.file.refresh = 60000
#sramp.config.baseurl = https://www.sramp.org/s-ramp-server
sramp.config.auditing.enabled = true
sramp.config.auditing.enabled-derived = true
sramp.config.auditing.user = admin
sramp.config.auditing.password = overlord

Version-Release number of selected component (if applicable):
DR7

How reproducible:
100%

Steps to Reproduce:
1.Examine the file
2.
3.

Actual results:
Clear text. 

Expected results:
Encrypted password.

Additional info:
Comment 2 Len DiMaggio 2013-08-02 15:10:13 EDT
Also the full list of users can be found in
standalone/configuration/overlord-idp-users.properties
Comment 3 Len DiMaggio 2013-10-14 21:16:37 EDT
*** Bug 1018747 has been marked as a duplicate of this bug. ***
Comment 4 kconner 2013-11-11 10:40:41 EST
The application realm is now used instead of overlord-idp-users.properties
Comment 5 Len DiMaggio 2013-12-13 15:36:59 EST
Verified in ER7-2:

cat ./standalone/configuration/sramp.properties
#sramp.config.file.refresh = 60000
#sramp.config.baseurl = https://www.sramp.org/s-ramp-server
sramp.config.auditing.enabled = true
sramp.config.auditing.enabled-derived = true

Note You need to log in before you can comment on or make changes to this bug.