JDBC user password value in automatic installation script use plain text value. Autoprompt should be used for this (same as we use for all password values).
reproduce
- Select "Install JDBC Driver" and "Install Datasource" from runtime environment configuration options
- On Datasource setup screen, select Security type to be "Username + password", enter some valid values and finish the installation
- Generate installation scrip
actual
$ cat auto.xml
... <userInput> <entry key="jdbc.datasource.name" value="myNewDatasource"/> <entry key="jdbc.datasource.jndiname" value="java:jboss/PostgresDS"/> <entry key="jdbc.datasource.minpoolsize" value="0"/> <entry key="jdbc.datasource.maxpoolsize" value="20"/> <entry key="JBossDatasourceConfigPanel.securitytype.value" value="Username-Password"/> <entry key="jdbc.datasource.username" value="user"/> <entry key="jdbc.datasource.password" value="asdasd@2"/> <entry key="jdbc.datasource.xa" value="Datasource"/> <entry key="jdbc.datasource.connectionurl" value="jdbc:postgresql://SERVER_NAME:PORT/DATABASE_NAME"/> </userInput> ...
$ cat auto.xml.variables adminPassword=
expected
$ cat auto.xml
... <userInput> <entry key="jdbc.datasource.name" value="myNewDatasource"/> <entry key="jdbc.datasource.jndiname" value="java:jboss/PostgresDS"/> <entry key="jdbc.datasource.minpoolsize" value="0"/> <entry key="jdbc.datasource.maxpoolsize" value="20"/> <entry key="JBossDatasourceConfigPanel.securitytype.value" value="Username-Password"/> <entry key="jdbc.datasource.username" value="user"/> <entry autoPrompt="true" key="jdbc.datasource.password"/> <entry key="jdbc.datasource.xa" value="Datasource"/> <entry key="jdbc.datasource.connectionurl" value="jdbc:postgresql://SERVER_NAME:PORT/DATABASE_NAME"/> </userInput> ...
$ cat auto.xml.variables adminPassword= jdbc.datasource.password=
Regression against 6.4.0
- is related to
-
JBEAP-2656 jdbc.datasource.xa.recoverypass is stored in plaintext form (auto.xml)
-
- Closed
-
