Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8161

JDR Subsystem destroys password related system properties

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 11.0.0.Alpha1
    • 10.0.0.Final, 10.1.0.Final
    • JDR
    • None

      When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here:

      https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/java/org/jboss/as/jdr/commands/SystemProperties.java#L51-L53

      One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>".

      To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values.

              rhn-support-bmaxwell Brad Maxwell
              jmazzitelli John Mazzitelli
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: