Should we remove the following attributes from the respective mbeans?
- "shutdown" from "Catalina:type=Server"
- "keyPass" from "Catalina:type=ProtocolHandler,port=8080"
- "password" from "User"
- "connectionPassword" from "JDBCRealm"
- "password" for a DataSource (?)
Or at least allow to drop them from a jmxproxy query (e.g.
qry=*:*&filter=nopass).
Of course it is likely that people having access to JMX are already
powerful enough to do harm. On the other hand at least exports via
jmxproxy are not to unlikely to get passed outside for troubleshooting.
Is anyone aware of more of those?
What about user names for the cases where they also exist?
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
