qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lorenz Quack (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-7128) [Java Broker] Add SystemTest that scans all output for occurrance of a well known password
Date Mon, 07 Mar 2016 08:55:40 GMT
Lorenz Quack created QPID-7128:
----------------------------------

             Summary: [Java Broker] Add SystemTest that scans all output for occurrance of
a well known password
                 Key: QPID-7128
                 URL: https://issues.apache.org/jira/browse/QPID-7128
             Project: Qpid
          Issue Type: Test
          Components: Java Broker, Java Tests
            Reporter: Lorenz Quack
            Priority: Minor


By setting a easily identifiable (random) well known password we can gain some level of confidence
that we do not accidentally leak it in a plaintext way be scaning all output (TRACE broker
& client logs, STDOUT, STDERR, config files) for the occurrence of that password.
Additionally, we could scan for unsalted hashes (SHA1, SHA2, MD5).




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message