1. Re: Masking passwords in logs
alesj Oct 10, 2008 10:12 AM (in response to mmoyses)
My initial post to Marcus:
"alesj" wrote:
This is not the way to do it. ;-)
1) if eventually done in such a non-generic way, there should be at least just one place to do it - e.g. MaskPasswordHelper in jboss-commons
2) it should be done generic
e.g. user might want to mask other attributes as well
@MaskIt
public void setFoo(String foo)
3) there should be a set of default masking attributes
this set should be configurable -
2. Re: Masking passwords in logs
alesj Oct 10, 2008 10:14 AM (in response to mmoyses)
"alesj" wrote:
2) it should be done generic
e.g. user might want to mask other attributes as well
@MaskIt
public void setFoo(String foo)
As this masking is done in parse state,
there is no way to get annotations, so this idea fails. -
3. Re: Masking passwords in logs
alesj Oct 10, 2008 10:18 AM (in response to mmoyses)
Leaving us with 1) and 3) - joining the two items.
Perhaps there is no need to put this into commons,
since it's really an implementation detail of AS.
I would then put it somewhere in AS,
making it as configurable as possible,
and definitely used by all - single point of masking. -
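As an added illustration of the single, configurable masking point settled on above (example code, not JBoss AS code): attribute names are matched, at parse time and without annotations, against a configurable set of name fragments in the one method that renders a debug line. The class, method names and default fragments are hypothetical.

```java
// Added example (not JBoss code): one configurable masking point for attribute
// values about to be logged at parse time, where annotations are unavailable.
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public final class MaskPasswordHelper {
    private static final String MASK = "****";
    // Hypothetical default name fragments, matched case-insensitively as
    // substrings so SuckerPassword, suckerPassword and Password all hit.
    private static volatile Set<String> fragments =
            new HashSet<String>(Arrays.asList("password", "passwd", "secret"));

    /** Replace the configured set, e.g. from a system property or bean attribute. */
    public static void setMaskedFragments(Set<String> names) {
        Set<String> lower = new HashSet<String>();
        for (String f : names) {
            lower.add(f.toLowerCase(Locale.ENGLISH));
        }
        fragments = Collections.unmodifiableSet(lower);
    }

    /** Decides whether an attribute with this name must never be logged in clear. */
    public static boolean isSensitive(String attributeName) {
        if (attributeName == null) return false;
        String n = attributeName.toLowerCase(Locale.ENGLISH);
        for (String f : fragments) {
            if (n.contains(f)) return true;
        }
        return false;
    }

    /** The single place that renders an attribute for a debug log line. */
    public static String forLog(String attributeName, Object value) {
        boolean hide = value != null && isSensitive(attributeName);
        return attributeName + "=" + (hide ? MASK : String.valueOf(value));
    }

    public static void main(String[] args) {
        System.out.println(forLog("SuckerPassword", "s3cr3t"));
        System.out.println(forLog("JNDIName", "java:/DefaultDS"));
        // Reconfigure: only names containing "password" stay masked afterwards.
        setMaskedFragments(Collections.singleton("password"));
        System.out.println(forLog("Secret", "logged-in-clear"));
    }
}
```

Because matching is by attribute name only, a value that happens to be a password under an unrelated name is still logged, which is the "not a 100% hit" limitation later acknowledged in the thread.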
4. Re: Masking passwords in logs
adrian.brock Oct 10, 2008 11:30 AM (in response to mmoyses)
Why doesn't this solve the problem?
http://www.jboss.org/community/docs/DOC-9350
http://www.jboss.org/community/docs/DOC-9703
Even if you mask the password in the log, if it is an MBean attribute, it will
be visible via JMX (and the user has access).
Additionally since we recommend changing the log level to INFO
for production anyway, none of this will appear in the log. -
5. Re: Masking passwords in logs
mmoyses Oct 10, 2008 11:55 AM (in response to mmoyses)
Adrian,
the problem is that datasources and JCA login modules are not the only place where passwords are in plain text. There are some mbeans that don't provide a means for encryption, like SuckerPassword from messaging-service.xml, suckerPassword from messaging-jboss-beans.xml or Password from mail-service.xml. -
6. Re: Masking passwords in logs
adrian.brock Oct 10, 2008 11:56 AM (in response to mmoyses)
"mmoyses" wrote:
Adrian,
the problem is that datasources and JCA login modules are not the only place where passwords are in plain text. There are some mbeans that don't provide a means for encryption, like SuckerPassword from messaging-service.xml, suckerPassword from messaging-jboss-beans.xml or Password from mail-service.xml.
Then these need to be fixed to accept security-domain configurations. -
7. Re: Masking passwords in logs
anil.saldhana Oct 10, 2008 12:03 PM (in response to mmoyses)
"adrian@jboss.org" wrote:
Why doesn't this solve the problem?
http://www.jboss.org/community/docs/DOC-9350
http://www.jboss.org/community/docs/DOC-9703
That solves the issue for JCA. But what if the user has not done the encryption and the log is set to debug (community version)? Logs are long lived beasts. I only have an issue with JBoss core infrastructure chewing out attribute values in debug mode when the values can be passwords.
"adrian@jboss.org" wrote:
Even if you mask the password in the log, if it is an MBean attribute, it will
be visible via JMX (and the user has access).
If we try to fix this, it will only get complicated. Visually, it would prohibit the update of the password.
"adrian@jboss.org" wrote:
Additionally since we recommend changing the log level to INFO
for production anyway, none of this will appear in the log.
I am not sure that everyone follows the recommendations.
We are not trying to make passwords totally invisible. All we are trying to do is a trivial mask to passwords in the log (we may not get a 100% hit with the masking). -
8. Re: Masking passwords in logs
anil.saldhana Oct 10, 2008 12:04 PM (in response to mmoyses)
"adrian@jboss.org" wrote:
"mmoyses" wrote:
Adrian,
the problem is that datasources and JCA login modules are not the only place where passwords are in plain text. There are some mbeans that don't provide a means for encryption, like SuckerPassword from messaging-service.xml, suckerPassword from messaging-jboss-beans.xml or Password from mail-service.xml.
Then these need to be fixed to accept security-domain configurations.
I agree. We need to make these accept Password based encryption (PBE) schemes. -
9. Re: Masking passwords in logs
adrian.brock Oct 10, 2008 12:05 PM (in response to mmoyses)
"adrian@jboss.org" wrote:
"mmoyses" wrote:
Adrian,
the problem is that datasources and JCA login modules are not the only place where passwords are in plain text. There are some mbeans that don't provide a means for encryption, like SuckerPassword from messaging-service.xml, suckerPassword from messaging-jboss-beans.xml or Password from mail-service.xml.
Then these need to be fixed to accept security-domain configurations.
Or more accurately, SubjectFactory injection:
https://jira.jboss.org/jira/browse/JBAS-5067 -
10. Re: Masking passwords in logs
adrian.brock Oct 10, 2008 12:12 PM (in response to mmoyses)
"anil.saldhana@jboss.com" wrote:
"adrian@jboss.org" wrote:
Even if you mask the password in the log, if it is an MBean attribute, it will
be visible via JMX (and the user has access).
If we try to fix this, it will only get complicated. Visually, it would prohibit the update of the password.
The MBeans could be coded such that there is no getPassword()?
i.e. they are write only. -
11. Re: Masking passwords in logs
anil.saldhana Oct 10, 2008 12:16 PM (in response to mmoyses)
https://jira.jboss.org/jira/browse/JBAS-6073
I created a Jira issue for migration of password-based configuration.