-
1. Re: mysql monitor
I dont' know much about the MySQL plugin - is there a way for you to not put the password in the JDBC URL but use the other connection properties to set the password (assuming the password is of property type "password" - the plugin descriptor would need to have defined that).
-
2. Re: mysql monitor
Yes I did use the connection properties to store the user name and password. For whatever reasons it's taking that and populating the credentials into the url on the overview page to see in clear text under in "Resource Key"
-
3. Re: mysql monitor
Hi Josh,
That sounds like a bug in the MySQL plugin. The password should definitely not be stored as part of the database Resource's key, as it is not needed to uniquely identify the database Resource among other database Resources on the same platform. And, as you've pointed out, it causes security issues, since the Resource key is displayed in the GUI. Please create an issue for this in RHQ JIRA - http://jira.rhq-project.org/.
Thanks,
Ian -
4. Re: mysql monitor
I already added this one (not specific to MySQL plugin - we should have a separate JIRA for that, I'll let someone else create that one)
http://jira.rhq-project.org/browse/RHQ-2134 -
5. Re: mysql monitor
Well, in the case of the MySQL plugin, I see no reason to include the password in the key in the first place (whether to even include the username is questionable) . Off the top of my head, I can't think of any other cases where it would be necessary to include a password in a Resource key, can you?
-
6. Re: mysql monitor
no, but perhaps people don't even want to expose pathnames? or any senstive info. This is perhaps a low-level enhancement request.
As for the My SQL plugin, we do need a JIRA for that for it to be fixed. I did not create a JIRA for that specific issue. -
7. Re: mysql monitor
I submitted one for the mysql plugin I think.
http://jira.rhq-project.org/browse/RHQ-2137
thanks for all the help guys!