Some protocols inadvertently expose sensitive information via @Property, e.g.
@Property String password
This needs to be changed to
@Property(exposeAsManagedAttribute=false) String password
This way, password can be set via XML, but can not be queried via probe.sh or JMX.
Examples:
- JDBC_PING, SWIFT_PING, RACKSPACE_PING, S3_PING, GOOGLE_PING
- AUTH and plugin tokens
- ENCRYPT
- SASL (see
JGRP-1853)
- relates to
-
JGRP-1853 SASL: don't expose passwords/credentials as managed properties
-
- Resolved
-
