  1. mod-password-validator
  2. MODPWD-65

Username and password expressed in plain text in module logs


    Details

    • Template:
    • Sprint:
      eHoldings Sprint 114, eHoldings Sprint 115
    • Story Points:
      1
    • Development Team:
      Spitfire
    • Release:
      R1 2021 Hot Fix #1
    • Hot Fix Approved by Cap Planning?:
      Yes
    • Hot Fix Approval Comments:
      Approved at CPT meeting at 17/05/2021

      Description

      In the Docker/module logs, when the module first starts, the database admin username and password are expressed in plain text. This is a security risk.

      Example of the log:

      exec java -XX:MaxRAMPercentage=85.0 -Dspring.datasource.username=folio_admin -Dspring.datasource.password=password -Dspring.datasource.url=jdbc:postgresql://pg-folio:5432/okapi_modules -Dspring.kafka.bootstrap-servers=http://kafka-r1:9092 -Dspring.datasource.username=folio_admin -Dspring.datasource.password=password -Dspring.datasource.url=jdbc:postgresql://pg-folio:5432/okapi_modules -Dspring.kafka.bootstrap-servers=http://kafka-r1:9092 -XX:+ExitOnOutOfMemoryError -cp . -jar /usr/verticles/mod-data-export-worker-fat.jar 
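
A log scrubber for the kind of startup line shown above, as an added example that is not part of the original issue or the module's code: it masks the values of credential-bearing `-D` JVM system properties and reports which ones leaked. The property-name suffix list, the function names and the shortened sample line (with the placeholder jar name `app.jar`) are assumptions made for illustration.

```python
import re

# Property-name suffixes treated as credentials (assumed list for this example).
SENSITIVE = re.compile(r"(password|passwd|secret|token|username|user)$", re.I)

# A JVM system property on a command line: -Dname=value, value optionally quoted.
JVM_PROP = re.compile(r'-D(?P<name>[\w.\-]+)=(?P<value>"[^"]*"|\S+)')

# Credentials embedded in a URL authority: scheme://user:pass@host
URL_USERINFO = re.compile(r"(?P<scheme>\b[\w+.\-]+://)[^/\s:@]+:[^/\s@]+@")

# Constructed sample: the issue's log line shortened, jar name is a placeholder.
SAMPLE = ("exec java -XX:MaxRAMPercentage=85.0 "
          "-Dspring.datasource.username=folio_admin "
          "-Dspring.datasource.password=password "
          "-Dspring.datasource.url=jdbc:postgresql://pg-folio:5432/okapi_modules "
          "-jar app.jar")

def redact_line(line):
    """Return (redacted_line, sorted names of the properties that were masked)."""
    hits = set()

    def mask(match):
        name = match.group("name")
        if SENSITIVE.search(name):
            hits.add(name)
            return "-D%s=****" % name
        return match.group(0)  # non-sensitive property: keep as logged

    out = JVM_PROP.sub(mask, line)
    # A URL property is kept, but user:pass@ inside it is still masked.
    out, count = URL_USERINFO.subn(lambda m: m.group("scheme") + "****@", out)
    if count:
        hits.add("url-userinfo")
    return out, sorted(hits)

def scan(lines):
    """Return [(line_number, masked_names, redacted_line)] for leaking lines."""
    findings = []
    for number, line in enumerate(lines, 1):
        redacted, hits = redact_line(line)
        if hits:
            findings.append((number, hits, redacted))
    return findings

if __name__ == "__main__":
    for number, hits, redacted in scan(["Started application", SAMPLE]):
        print("line %d leaked %s\n  %s" % (number, ", ".join(hits), redacted))
```

Scrubbing logs after the fact only limits exposure; the values are still visible in the process argument list until the launch command stops carrying them.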
      


                People

                Assignee:
                psmagin Pavlo Smahin
                Reporter:
                Oleksandr Dekin