|
Re: BIRT reports security issue with database password (odaPassword) [message #778401 is a reply to message #777901] |
Wed, 11 January 2012 17:38 |
|
I believe in later versions this has been fixed. If you switch to the
xml view and delete the designer values, does it re-write them?
Jason
On 1/11/2012 1:06 AM, Daniel Mising name wrote:
> Hello,
>
> I have remarked that my database password appear not-encrypted into the
> report file under the design section.
>
> <design:DataSetParameters>
> <design:parameterDefinitions>
> <design:inOutMode>In</design:inOutMode>
> <design:attributes>
> ...
> </design:attributes>
> <design:inputAttributes>
> <design:elementAttributes>
> <design:optional>false</design:optional>
> <design:masksValue>false</design:masksValue>
> <design:dynamicValueChoices>
> <design:dataSetDesign>
> <design:name>Agents</design:name>
> <design:odaExtensionDataSetId>org.eclipse.birt.report.data.oda.jdbc.JdbcSelectDataSet</design:odaExtensionDataSetId>
>
> <design:dataSourceDesign>
> <design:name>vsl</design:name>
> <design:odaExtensionId>org.eclipse.birt.report.data.oda.jdbc</design:odaExtensionId>
>
> <design:publicProperties>
> <design:properties>
> <design:nameValue>
> <design:name>odaDriverClass</design:name>
> <design:value>org.postgresql.Driver</design:value>
> </design:nameValue>
> </design:properties>
> <design:properties>
> <design:nameValue>
> <design:name>odaURL</design:name>
> <design:value>jdbc:postgresql://localhost/db</design:value>
> </design:nameValue>
> </design:properties>
> <design:properties>
> <design:nameValue>
> <design:name>odaUser</design:name>
> <design:value>postgres</design:value>
> </design:nameValue>
> </design:properties>
> <design:properties>
> <design:nameValue>
> <design:name>odaPassword</design:name>
> <design:value>CLEAR_PASSWORD</design:value>
> </design:nameValue>
>
>
> -The value of the parameter odaPassword is not encrypted!
>
> Just to note that the database password is encrypted for the data-source
> definition :
> <property name="odaDriverClass">org.postgresql.Driver</property>
> <property name="odaURL">jdbc:postgresql://localhost/db</property>
> <property name="odaUser">postgres</property>
> <encrypted-property name="odaPassword"
> encryptionID="base64">ENCRYPTED_PASSWORD</encrypted-property>
>
>
> Any help is very appreciated.
> Thanks in advance.
>
> Cheers
> PS: I'm using BIRT 2.5.2
|
|
|
|
Powered by
FUDForum. Page generated in 0.05738 seconds