lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mano Kovacs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-10076) Hiding keystore and truststore passwords from /admin/info/* outputs
Date Thu, 23 Feb 2017 14:26:44 GMT

    [ https://issues.apache.org/jira/browse/SOLR-10076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15880512#comment-15880512
] 

Mano Kovacs commented on SOLR-10076:
------------------------------------

Thank you for the feedback, [~ichattopadhyaya].

Do you think the redaction of command line password could be handled as the first patch contains?

> Hiding keystore and truststore passwords from /admin/info/* outputs
> -------------------------------------------------------------------
>
>                 Key: SOLR-10076
>                 URL: https://issues.apache.org/jira/browse/SOLR-10076
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Mano Kovacs
>         Attachments: SOLR-10076.patch
>
>
> Passing keystore and truststore password is done by system properties, via cmd line parameter.
> As result, {{/admin/info/properties}} and {{/admin/info/system}} will print out the received
password.
> Proposing solution to automatically redact value of any system property before output,
containing the word {{password}}, and replacing its value with {{******}}.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message