Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8161

JDR Subsystem destroys password related system properties

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 11.0.0.Alpha1
    • 10.0.0.Final, 10.1.0.Final
    • JDR
    • None

    Description

      When you export a JDR, it provides a report of system properties, but to avoid leaking passwords, it redacts any system property with the string <Redacted> - see here:

      https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/java/org/jboss/as/jdr/commands/SystemProperties.java#L51-L53

      One major problem is it never flips the system properties back to their original values! So once a JDR report is created, no code in the JVM can ever be able to use those password system properties again - because the password is now changed to the string "<Redacted>".

      To fix, once that "system-properties.txt" file is created, you have to System.setProperty() those password properties back to their original values.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8931 (7.1.0) JDR Subsystem destroys password related system properties

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8931 (7.1.0) JDR Subsystem destroys password related system properties

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified

          Activity

            People

              rhn-support-bmaxwell Brad Maxwell
              jmazzitelli John Mazzitelli
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: