This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
| Summary: | Insecure storage of server admin passwords | ||
|---|---|---|---|
| Product: | serverplugins | Reporter: | Jesse Glick <jglick> |
| Component: | Infrastructure | Assignee: | Petr Hejl <phejl> |
| Status: | VERIFIED FIXED | ||
| Severity: | normal | CC: | anebuzelsky, jskrivanek, mmirilovic, pjiricka |
| Priority: | P2 | ||
| Version: | 6.x | ||
| Hardware: | All | ||
| OS: | All | ||
| Issue Type: | DEFECT | Exception Reporter: | |
| Bug Depends on: | 173413 | ||
| Bug Blocks: | |||
it is mine now I will help finish the propagation of the Keyring api into the j2ee.sun.* modules for 6.9... I categorized all such issues as DEFECTs since the current state may permit user passwords to be compromised. Looks reasonable from what I can understand. Minor comments: - key description need not start with ' ' - GlassfishModule.PASSWORD_CONVERTED_FLAG is odd; generally you would simply delete the password from old storage after conversion. But perhaps there is some reason for doing it this way that is specific to server config files. Integrated into 'main-golden', will be available in build *201002180200* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/3a6c4e72612e User: vince kraemer <vkraemer@netbeans.org> Log: #178165: use the keyring for the admin passwords We have to do this for other servers as well. This is really a P2 *defect*, needs to be fixed for 7.0.1. Fixed in web-main ea5a6231a5d8 and 519d03495203. Integrated into 'main-golden', will be available in build *201104090401* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/ea5a6231a5d8 User: phejl@netbeans.org Log: #178165 Insecure storage of server admin passwords Avoid EDT usage: web-main fead1e05a030. Integrated into 'main-golden', will be available in build *201104120401* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/fead1e05a030 User: phejl@netbeans.org Log: #178165 Insecure storage of server admin passwords Integrated into 'main-golden', will be available in build *201104130401* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/3a5d840491bd User: phejl@netbeans.org Log: #178165 Insecure storage of server admin passwords - deadlock fix Integrated into 'main-golden', will be available in build *201104210000* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/cb99fb87b64f User: phejl@netbeans.org Log: #178165 Insecure storage of server admin passwords - deadlock fix For Tomcat server the password is still stored in <userdir>/tomcat.properties for headless deployment. Please, do not store the password and rather modify ant-deploy.xml script to print warning that user has to provide password himself to be able to deploy from command line (Jesse already pointed this out in the last paragraph of the original description). Affected source file: tomcat5\src\org\netbeans\modules\tomcat5\AntDeploymentProviderImpl.java Moreover headless deployment is not working and needs to be fixed (see bug 198271). Fixed in web-main 187973203f7b. Integrated into 'main-golden', will be available in build *201105050000* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/187973203f7b User: phejl@netbeans.org Log: #178165 Insecure storage of server admin passwords Verified in trunk build 201105050000. Please, merge to 70 patch 1 branch. (In reply to comment #18) > Verified in trunk build 201105050000. Please, merge to 70 patch 1 branch. That would mean merging all previous patches and deadlock fixes. That seems too risky to me. Do we really want to do that for patch 1? Integrated into 'main-golden', will be available in build *201105070000* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/4406cc376cdb User: phejl@netbeans.org Log: #178165 Insecure storage of server admin passwords |
At least in the case of GFv2, admin passwords for Java EE servers seem to be stored insecurely in the userdir: ---%<--- glassfish.properties ... sjsas.password=adminadmin ... ---%<--- config/J2EE/InstalledServers/.nbattrs ... <attr name="password" stringvalue="adminadmin"/> ... ---%<--- Such passwords should be stored in a secure keyring (see pending API). For compatibility, when encountering the old settings format, read the password, save it to the keyring, and then delete it from disk. o.n.m.j2ee.deployment.impl.ServerRegistry.addInstance/writeInstanceToFile seems to be responsible for the J2EE/InstalledServers storage. Might as well switch to NbPreferences while you're at it; persisting settings in .nbattrs files is rather unpleasant. o.n.m.j2ee.sun.ide.j2ee.PluginProperties.registerDefaultDomain looks like it needs to change as well, maybe others. glassfish.properties seems to come from o.n.m.j2ee.sun.ide.dm.SunDeploymentManager.storeAntDeploymentProperties. You need to find some way to send the password information to Ant without storing it in a file first - especially one that is world-readable and kept at all times in the userdir! Passing -Dserver.password=... on the command line is better, though including passwords in argv is generally considered poor practice too (e.g. 'jps -lm' reveals them).