RFE Review : JDK-5016517 - Replace plaintext passwords by hashed passwords for out-of-the-box JMX Agent
Harsha Wardhana B
harsha.wardhana.b at oracle.com
Fri Nov 10 12:38:18 UTC 2017
Hi,
Please find the below webrev with the following changes.
1. All the reads/writes into the password file are synchronized w.r.t
threads within the JVM and across multiple JVM processes. It is possible
that some edits made to file while the agent is running might be lost
and hence added a cautionary note in jmxremote.password.template.
2. Added a new test-case 'testMultipleClients' that validates concurrent
read/writes
3. Added an info log when the password file is over-written.
http://cr.openjdk.java.net/~hb/5016517/webrev.08/
Please review the latest webrev.
Thanks
Harsha
On Wednesday 08 November 2017 09:29 AM, mandy chung wrote:
>
>
> On 11/7/17 9:04 AM, Harsha Wardhana B wrote:
>>
>> Hi Mandy,
>>
>> To summarize the changes,
>>
>> 1. The header will not contain the file modification timestamp.
>> Instead when the password file is modified, a debug log will be
>> printed. The log will contain the timestamp.
>>
>> 2. The password file is now protected from concurrent writes from
>> within the JVM.
>>
>> 3. HashedPasswordManager.authenticate accepts char[] for password
>> instead of String.
>>
>
> Thanks for this. That helps.
>> Header will be inserted. Apart from that all the comments will be
>> retained.
>
> I think this header can also be taken out. The comment may already be
> copied from the template or deleted on purpose.
>
>>> Also log a message when the file is overridden - we didn't discuss
>>> the format but I think it should include the pathname of the file
>>> and the role name of the overridden entries (should it be info
>>> level?). line 308-311 is debug message - is that the one?
>> I guess this wasn't discussed. We just output a debug log saying the
>> file is overwritten. File name can be mentioned in the log.
>
> INFO log message seems more appropriate.
>
> Mandy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/serviceability-dev/attachments/20171110/3604a30a/attachment.html>
More information about the serviceability-dev
mailing list