  1. mod-data-export-worker
  2. MODEXPW-17

Username and password expressed in plain text in module logs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1
    • Resolution: Done
    • Affects Version/s: 1.0.5
    • Fix Version/s: 1.0.6
    • Environment: Multi-node K8s cluster backed by vSphere
    • Sprint: Concorde - Sprint 113
    • Story Points: 2
    • Development Team: Scout
    • Release: R1 2021 Hot Fix #1
    • Hot Fix Approved by Cap Planning?: Yes
    • Hot Fix Approval Comments: Approved by Security Team (including Mike Gorrell, a member of Cap Planning).
    • Affected Institution: TAMU

      Description

      Update: Approved as R1 2021 Hot Fix by Security Team (including Mike Gorrell) on May 13, 2021.

      In the Docker/module logs, when the module first starts, the database admin username and password are expressed in plain text. This is a security risk.

      Example of the log:

      exec java -XX:MaxRAMPercentage=85.0 -Dspring.datasource.username=folio_admin -Dspring.datasource.password=password -Dspring.datasource.url=jdbc:postgresql://pg-folio:5432/okapi_modules -Dspring.kafka.bootstrap-servers=http://kafka-r1:9092 -Dspring.datasource.username=folio_admin -Dspring.datasource.password=password -Dspring.datasource.url=jdbc:postgresql://pg-folio:5432/okapi_modules -Dspring.kafka.bootstrap-servers=http://kafka-r1:9092 -XX:+ExitOnOutOfMemoryError -cp . -jar /usr/verticles/mod-data-export-worker-fat.jar 
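
One way to keep a startup line like the one above out of the logs in clear text, as an added example that is neither the module's code nor the fix shipped in 1.0.6: a shell filter that masks the values of sensitive `-D` options before a command line is logged, plus a check for scanning existing log lines. The function names and the keyword list (username, password, secret, token) are assumptions.

```shell
#!/bin/sh
# Added example, not the module's own code.
# Keyword list and function names are assumptions made for this sketch.

# ERE for a sensitive JVM system property: group 1 is "-D<name>=", where
# <name> contains one of the keywords; the value runs to the next space.
SENSITIVE_RE='(-D[^= ]*([Uu]sername|[Pp]assword|[Ss]ecret|[Tt]oken)[^= ]*=)[^ ]+'

# redact_cmdline: copy stdin to stdout with sensitive values replaced by ****.
redact_cmdline() {
    sed -E "s/${SENSITIVE_RE}/\1****/g"
}

# has_plaintext_secret: succeed (exit 0) when stdin holds a sensitive -D
# option whose value is not already masked. Redaction is idempotent, so any
# difference between input and redacted output means a clear-text value.
has_plaintext_secret() {
    input=$(cat)
    [ "$input" != "$(printf '%s\n' "$input" | redact_cmdline)" ]
}

# log_command: what a launcher script would call instead of echoing "$*".
log_command() {
    printf 'exec %s\n' "$*" | redact_cmdline
}

# Sample line shortened from the log quoted in the ticket.
SAMPLE_LINE='exec java -Dspring.datasource.username=folio_admin -Dspring.datasource.password=password -Dspring.datasource.url=jdbc:postgresql://pg-folio:5432/okapi_modules -jar /usr/verticles/mod-data-export-worker-fat.jar'

printf '%s\n' "$SAMPLE_LINE" | redact_cmdline
if printf '%s\n' "$SAMPLE_LINE" | has_plaintext_secret; then
    echo 'ALERT: clear-text credential in startup log line' >&2
fi
```

Masking the log line does not remove the values from the process argument list, which stays readable to anything that can inspect the container's process table.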

              People

              Assignee:
              jroot Jason Root
              Reporter:
              jroot Jason Root