Bug 994697 - BPEL Console should not have passwords in plaintext
BPEL Console should not have passwords in plaintext
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: BPEL Integration (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity high
: ER2
: ---
Assigned To: Gary Brown
Jiri Sedlacek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-07 15:32 EDT by Jiri Sedlacek
Modified: 2015-08-02 19:44 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jiri Sedlacek 2013-08-07 15:32:14 EDT
user/password configuration file for bpel-console contains passwords in plaintext, this can be security issue.

Also, this file is in standalone/deployments/switchyard-bpel-console-server.war/WEB-INF/classes directory, it should be on some more convenient place.
Comment 1 Gary Brown 2013-08-19 11:45:39 EDT
Changed to use 'other' security domain so leverage application users defined within the app server.
Comment 2 Jiri Sedlacek 2013-09-17 08:56:27 EDT
verified in ER2


How to set user for bpel console should be documented - user has to have 'administrator' role.

Note You need to log in before you can comment on or make changes to this bug.