Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Virgo » Hidding web/jmx admin password
Hidding web/jmx admin password [message #655308] Sat, 19 February 2011 07:20 Go to next message
Dan Tran is currently offline Dan Tran
Messages: 24
Registered: February 2011
Junior Member
Hi,

Currently the password is stored in clear text under config directory.

is it possible to hide/encypt it?

With the current state, I am not not sure if if Virgo is installable/acceptable under corporate or govermental environmental environments.

Thanks

-Dan
Re: Hidding web/jmx admin password [message #655313 is a reply to message #655308] Sat, 19 February 2011 10:23 Go to previous messageGo to next message
Hristo Iliev is currently offline Hristo Iliev
Messages: 156
Registered: May 2010
Location: Sofia, Bulgaria
Senior Member

The access to org.eclipse.virgo.kernel.jmxremote.access.properties is restricted to the user starting Virgo. This can be applied to the rest of the config files.

Will this help you?
Re: Hidding web/jmx admin password [message #655358 is a reply to message #655313] Sat, 19 February 2011 20:03 Go to previous messageGo to next message
Dan Tran is currently offline Dan Tran
Messages: 24
Registered: February 2011
Junior Member
Hi Hristo


That is not acceptable for corporate IT. I dealt with this before

How about provide some type of command line to hash the clear text password? not sure how this would work for JConsole, but Web Admin seems do able.

-D

Re: Hidding web/jmx admin password [message #655385 is a reply to message #655358] Sun, 20 February 2011 10:06 Go to previous messageGo to next message
Hristo Iliev is currently offline Hristo Iliev
Messages: 156
Registered: May 2010
Location: Sofia, Bulgaria
Senior Member

Hi,

Afaik JMX can also use custom login module.

Can you please create enhancement request for the plain text passwords?

Having hashed passwords will complicate the Virgo configuration, so we need to think of a way to have this configurable. As you mentioned we'll also need tool(s) for changing the passwords.

Btw Virgo uses the recommended method to secure the JMX access file.

Regards,
Hristo Iliev

[Updated on: Sun, 20 February 2011 10:22]

Report message to a moderator

Re: Hidding web/jmx admin password [message #655428 is a reply to message #655385] Sun, 20 February 2011 19:53 Go to previous messageGo to next message
Dan Tran is currently offline Dan Tran
Messages: 24
Registered: February 2011
Junior Member
Hi Hristo,

From your ref link ot JMX method of authentication, user can use client certificate or LDAP password authentication authentication, this is a much safer approach.

Big thanks

-Dan
Re: Hidding web/jmx admin password [message #655559 is a reply to message #655428] Mon, 21 February 2011 18:36 Go to previous messageGo to next message
Hristo Iliev is currently offline Hristo Iliev
Messages: 156
Registered: May 2010
Location: Sofia, Bulgaria
Senior Member

This can require some changes in dmk.bat/sh to apply some new parameters.

We'll be glad if you can share your progress here on the forum Smile
Re: Hidding web/jmx admin password [message #655578 is a reply to message #655559] Mon, 21 February 2011 19:37 Go to previous message
Dan Tran is currently offline Dan Tran
Messages: 24
Registered: February 2011
Junior Member
I will surely return whatever I can back to Virgo Community.

Thanks for the support.

-Dan
Previous Topic:Will virgo-jetty-server publish a HttpService?
Next Topic:Reliable mass install/update
Goto Forum:
  


Current Time: Sun Oct 26 02:56:20 GMT 2014

Powered by FUDForum. Page generated in 0.02171 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software