RFE Review : JDK-5016517 - Replace plaintext passwords by hashed passwords for out-of-the-box JMX Agent

Roger Riggs Roger.Riggs at Oracle.com
Wed Nov 1 15:18:32 UTC 2017


Hi Harsha,

Sorry for the late editorial recommendations:

In jmxremote.password.template:

41: "Clear text" -> "A clear text"
43: "below format" -> "format below"
53: "in clear" -> "in the clear"
63: "in clear" -> "in the clear"
77: "by ONLY the owner" -> "ONLY by the owner"
80-81: Is not consistent with the 77-78;  80-81 can be removed
82: "should" -> "must" to be consistent with 77:
82: "except for owner" ->  "ONLY by the owner"
92: should end with "." or ":"
97: "passwords will" -> "the passwords will"
98: "below entries with clear" -> "the entries below with the clear"
99: should end with "." or ":"

management.properties:
311: sentence should end with "."

Thanks, Roger

On 10/31/2017 1:07 PM, mandy chung wrote:
>
>
> On 10/31/17 8:55 AM, Harsha Wardhana B wrote:
>>
>> Hi Mandy,
>>
>> Below is the new webrev incorporating below review comments.
>>
>> http://cr.openjdk.java.net/~hb/5016517/webrev.06/
>
> Looks okay in general except this:
>   286         // Check if header needs to be inserted
>   287         if (sbuf.indexOf("# The passwords in this file are hashed") != 0) {
>   288             String lastUpdated = "# file last updated on - "
>   289                     + new SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new Date()) + "\n\n";
>   290             sbuf.insert(0, header + lastUpdated);
>   291         }
>
> Relying on matching the partial header string is fragile.
> Also the timestamp is not updated if the file contains such
> heading but the file is re-written again.
>
> You should probably drop the header (auto-inserted), not add
> it to sbuf, and always add the header when updating the
> password file.
>
> Mandy
>
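
One way to follow the suggestion quoted above (drop any auto-inserted header on read, always write a fresh one), as an added example that is not code from the webrev or from anyone in this thread. The class name, the BEGIN/END delimiter lines and the sample entries are assumptions made for illustration; only the two header strings and the date pattern come from the quoted snippet.

```java
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.List;

public class PasswordFileHeader {
    // Assumed delimiters (hypothetical, not in the webrev): they let the generated
    // block be recognized by position instead of by matching its wording.
    static final String BEGIN = "# ---- begin generated header ----";
    static final String END = "# ---- end generated header ----";
    static final DateTimeFormatter STAMP = DateTimeFormatter.ofPattern("MM/dd/yyyy HH:mm:ss");

    // Returns the lines without a leading generated header. A file with no header,
    // or with a BEGIN that has no END, is returned whole so no entry is ever dropped.
    static List<String> stripHeader(List<String> lines) {
        int end = lines.indexOf(END);
        if (lines.isEmpty() || !lines.get(0).equals(BEGIN) || end < 0) {
            return new ArrayList<>(lines);
        }
        int start = end + 1;
        while (start < lines.size() && lines.get(start).isEmpty()) {
            start++; // skip the blank separator written after the header
        }
        return new ArrayList<>(lines.subList(start, lines.size()));
    }

    // Always writes a fresh header, so the timestamp changes on every rewrite.
    static List<String> rewrite(List<String> lines, LocalDateTime now) {
        List<String> out = new ArrayList<>();
        out.add(BEGIN);
        out.add("# The passwords in this file are hashed");
        out.add("# file last updated on - " + now.format(STAMP));
        out.add(END);
        out.add("");
        out.addAll(stripHeader(lines));
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample content; "<hashed entry>" is a placeholder, not a real format.
        List<String> original = List.of("# site notes", "monitorRole <hashed entry>");
        List<String> first = rewrite(original, LocalDateTime.of(2017, 11, 1, 10, 0, 0));
        List<String> second = rewrite(first, LocalDateTime.of(2017, 11, 2, 9, 30, 0));
        second.forEach(System.out::println);
        if (second.size() != first.size() || !second.get(2).endsWith("11/02/2017 09:30:00")) {
            throw new AssertionError("header duplicated or timestamp stale");
        }
    }
}
```

Rewriting twice leaves exactly one header and the second timestamp, which covers both problems raised in the quoted review: no dependence on the header wording, and no stale date when the file is written again.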


