Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-774

Enable white-space in parameters for external password command

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Major Major
    • JBossSecurity_2.0.6.Final
    • JBossSecurity_2.0.5.Final
    • JBossSX
    • None

      This is a backport of SECURITY-771 to the jbosssx 2.0.x branch.

      The original description:
      The current implementation of the loading the external password by a command uses Runtime.exec() which denies to pass a parameter which contains a white-space to the command, see {EXT} in org.jboss.security.Util#loadPassword(String).
      It would be nice to provide a new implementation based on ProcessBuilder.

      For example, various ssh-askpass implementations requires a parameter like 'Enter passphrase for ...'. Without the ability to directly pass such a parameter customers are pushed to create a "script in the middle" which makes their application unnecessarily complicated.

        1. SECURITY-774.patch
          17 kB

            pskopek@redhat.com Peter Skopek
            istudens@redhat.com Ivo Studensky
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: