Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Virgo » Hidding web/jmx admin password
Hidding web/jmx admin password [message #655308] Sat, 19 February 2011 02:20 Go to next message
Dan Tran is currently offline Dan Tran
Messages: 24
Registered: February 2011
Junior Member
Hi,

Currently the password is stored in clear text under config directory.

is it possible to hide/encypt it?

With the current state, I am not not sure if if Virgo is installable/acceptable under corporate or govermental environmental environments.

Thanks

-Dan

Report message to a moderator

Re: Hidding web/jmx admin password [message #655313 is a reply to message #655308] Sat, 19 February 2011 05:23 Go to previous messageGo to next message
Hristo Iliev is currently offline Hristo Iliev
Messages: 152
Registered: May 2010
Location: Sofia, Bulgaria
Senior Member
The access to org.eclipse.virgo.kernel.jmxremote.access.properties is restricted to the user starting Virgo. This can be applied to the rest of the config files.

Will this help you?

Report message to a moderator

Re: Hidding web/jmx admin password [message #655358 is a reply to message #655313] Sat, 19 February 2011 15:03 Go to previous messageGo to next message
Dan Tran is currently offline Dan Tran
Messages: 24
Registered: February 2011
Junior Member
Hi Hristo


That is not acceptable for corporate IT. I dealt with this before

How about provide some type of command line to hash the clear text password? not sure how this would work for JConsole, but Web Admin seems do able.

-D

Report message to a moderator

Re: Hidding web/jmx admin password [message #655385 is a reply to message #655358] Sun, 20 February 2011 05:06 Go to previous messageGo to next message
Hristo Iliev is currently offline Hristo Iliev
Messages: 152
Registered: May 2010
Location: Sofia, Bulgaria
Senior Member
Hi,

Afaik JMX can also use custom login module.

Can you please create enhancement request for the plain text passwords?

Having hashed passwords will complicate the Virgo configuration, so we need to think of a way to have this configurable. As you mentioned we'll also need tool(s) for changing the passwords.

Btw Virgo uses the recommended method to secure the JMX access file.

Regards,
Hristo Iliev

[Updated on: Sun, 20 February 2011 05:22]

Report message to a moderator

Re: Hidding web/jmx admin password [message #655428 is a reply to message #655385] Sun, 20 February 2011 14:53 Go to previous messageGo to next message
Dan Tran is currently offline Dan Tran
Messages: 24
Registered: February 2011
Junior Member
Hi Hristo,

From your ref link ot JMX method of authentication, user can use client certificate or LDAP password authentication authentication, this is a much safer approach.

Big thanks

-Dan

Report message to a moderator

Re: Hidding web/jmx admin password [message #655559 is a reply to message #655428] Mon, 21 February 2011 13:36 Go to previous messageGo to next message
Hristo Iliev is currently offline Hristo Iliev
Messages: 152
Registered: May 2010
Location: Sofia, Bulgaria
Senior Member
This can require some changes in dmk.bat/sh to apply some new parameters.

We'll be glad if you can share your progress here on the forum Smile

Report message to a moderator

Re: Hidding web/jmx admin password [message #655578 is a reply to message #655559] Mon, 21 February 2011 14:37 Go to previous message
Dan Tran is currently offline Dan Tran
Messages: 24
Registered: February 2011
Junior Member
I will surely return whatever I can back to Virgo Community.

Thanks for the support.

-Dan

Report message to a moderator

Previous Topic:Will virgo-jetty-server publish a HttpService?
Next Topic:Reliable mass install/update
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Jun 19 03:27:29 EDT 2013

Powered by FUDForum. Page generated in 0.01671 seconds