Launchpad has imported 6 comments from the remote bug at http://netbeans.org/bugzilla/show_bug.cgi?id=143033.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-08-06T11:53:53+00:00 Mslama wrote: Original report is at https://bugs.launchpad.net/ubuntu/+source/netbeans/+bug/244321. I checked dev build but there is tomcat 6. Not sure where to put this report if it is NetBeans or Tomcat issue. So please pass it accordingly. Reply at: https://bugs.launchpad.net/netbeans/+bug/244321/comments/5 ------------------------------------------------------------------------ On 2008-10-13T10:33:08+00:00 Phejl wrote: It is a development instance. Installer should place proper rights on file, however this won't solve issue in general. Reply at: https://bugs.launchpad.net/netbeans/+bug/244321/comments/6 ------------------------------------------------------------------------ On 2008-10-13T14:37:46+00:00 Mslama wrote: I do not think that any installer should create/set access rights to any file in user home directory (or default IDE user dir). Who/when creates this file? Reply at: https://bugs.launchpad.net/netbeans/+bug/244321/comments/7 ------------------------------------------------------------------------ On 2009-01-08T22:30:19+00:00 Thuydn wrote: Done a bit of investigation on NB 6.5 and found that - First scenario: If you select Tomcat that bundled with NB when you install NB 6.5 (and later version), the file that contains the Tomcat server manager's default username and password is stored in ~/.netbeans/6.5/apache-tomcat-6.0_base/config/tomcat-users.xml. Although the file is world-readable, the password inside the file is encrypted. The entire folder ~/.netbeans/6.5/apache-tomcat-6.0_base which is the default ${Catalina_Base} chosen by NB is NOT created at the time of NB installation, but at the time the Tomcat server is first started by users via NB Servers->server node's popup menu. - Second scenario: if you manually at Tomcat server to NB via the Add Server wizard, you are asked to enter username and password for the manager role among other things. The username and password is stored in plain text in tomcat-users.xml file under ${Catalina_Base}/config folder, where ${catalina_Base} is the folder you enter to the wizard. Possible solutions: - Option 1: encrypt the password in the second scenario before storing the password to tomcat-users.xml, then no need to change the permission of the file. - Option 2: Create the file (tomcat-users.xml) without word-readable perm, then no need to encrypt the password in either scenarios. Reply at: https://bugs.launchpad.net/netbeans/+bug/244321/comments/8 ------------------------------------------------------------------------ On 2012-03-30T16:39:12+00:00 Phejl wrote: Fixed in web-main e0f3545105f5. Reply at: https://bugs.launchpad.net/netbeans/+bug/244321/comments/9 ------------------------------------------------------------------------ On 2012-04-02T15:59:02+00:00 Quality-i wrote: Integrated into 'main-golden', will be available in build *201204021038* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main-golden/rev/e0f3545105f5 User: Petr Hejl <ph...@netbeans.org> Log: #143033 base_dir/tomcat-users.xml is world-readable Reply at: https://bugs.launchpad.net/netbeans/+bug/244321/comments/10 ** Changed in: netbeans Status: Unknown => Fix Released ** Changed in: netbeans Importance: Unknown => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/244321 Title: ~/.netbeans/6.0/tomcat55.properties is world-readable To manage notifications about this bug go to: https://bugs.launchpad.net/netbeans/+bug/244321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
