GeoServer
  1. GeoServer
  2. GEOS-1793

Password connection parameters are stored in plain text.

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 1.6.0-RC3
    • Fix Version/s: 2.0.x
    • Labels:
      None
    • Environment:
      Windows XP Pro, SP2. BEA Weblogic Server 9.2, ArcSDE 9.2, deployed geoserver.war exploded, 1.6.0-RC3 initially downloaded and later built from svn co of 1.6.0-RC3.
    • Patch Submitted:
      Yes
    • Number of attachments :
      1

      Description

      When configuring an ArcSDE DataStore, the password connection parameter is stored to the geoserver/data/catalog.xml file in plain text. The XMLConfigWriter.storeDataStore() method should be modified to encrypt any connection parameter with the keyword "password". When passwords are stored encrypted, the XML attribute value should be renamed "encryptedValue" as opposed to "value". The XMLConfigReader should then use the corresponding decryption algorithm to decrypt any "encryptedValue" attributes when reading in connection parameters. Note: this will allow for someone to "bootstrap" GeoServer config by hand-editing the connection parameters in the catalog.xml file and replacing any "encryptedValue" attribute with a "value" attribute and setting it to the proper plain text password. This encryption should only take place if a system property is set with the full path to a jks KeyStore containing a Secret Key used for encrypt/decrypt, otherwise passwords will be stored in plain text and a warning level statement to that effect will be logged.

        Issue Links

          Activity

          Hide
          Andrea Aime added a comment -

          This one has been rescheduled a number of times... pity cause there was a patch attached to it.
          Maybe something we should consider for 2.0.x? We are breaking backwards compatibility with the storage format anyways, seems like we could make a custom XStream persister that knows to encrypt passwords if we give it enough metadata to recognize one?

          Show
          Andrea Aime added a comment - This one has been rescheduled a number of times... pity cause there was a patch attached to it. Maybe something we should consider for 2.0.x? We are breaking backwards compatibility with the storage format anyways, seems like we could make a custom XStream persister that knows to encrypt passwords if we give it enough metadata to recognize one?
          Hide
          Andrea Aime added a comment -

          Just a minor note about the patch, is uses sun.misc.BASE64Decoder and sun.misc.BASE64Encoder, we should use an external replacement for those (commons codecs does have one for example)

          Show
          Andrea Aime added a comment - Just a minor note about the patch, is uses sun.misc.BASE64Decoder and sun.misc.BASE64Encoder, we should use an external replacement for those (commons codecs does have one for example)
          Hide
          Gabriel Roldan added a comment -

          Right. Also, my concern is about the need to run java with the location of the keyfile as argument. Surely some people won't be able to do that (websphere, etc)
          It seems to me like a contribution to the UI to indicate that will be needed?

          Show
          Gabriel Roldan added a comment - Right. Also, my concern is about the need to run java with the location of the keyfile as argument. Surely some people won't be able to do that (websphere, etc) It seems to me like a contribution to the UI to indicate that will be needed?
          Hide
          Andrea Aime added a comment -

          catalog.xml is gone but users.properties has the same problem

          Show
          Andrea Aime added a comment - catalog.xml is gone but users.properties has the same problem
          Hide
          Andrea Aime added a comment -

          Switching all issues that have been in "resolved" state for more than one month without further comments to "closed" status

          Show
          Andrea Aime added a comment - Switching all issues that have been in "resolved" state for more than one month without further comments to "closed" status

            People

            • Assignee:
              Gabriel Roldan
              Reporter:
              Michael Runnals
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: