glassfish / GLASSFISH-18348

Docs: tell users best practices for using asadmin --passwordfile

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.1.2_b21
    • Fix Version/s: 4.0_b83
    • Component/s: docs
    • Labels:
      None

      Description

      We need to ensure that we document best practices for dealing with the password file used with the asadmin --passwordfile option. We need to mention:

      1) Make sure the passwordfile is readable only by the owner
      2) Remove the passwordfile once they are done using it with the asadmin command

      For 3.1.2 please add this to the Security Guide (or Admin Guide if that is more appropriate).

      We should also add this to the asadmin man page (too late to do this for 3.1.2).

        Activity

        Mike Fitch added a comment - - edited

        Added direction to:

        • secure (using file system permissions) password files used with the --passwordfile option
        • delete such files when they are no longer needed

        to the following areas in the Security Guide:

        • Chapter 1, "Administering System Security" > "About System Security in GlassFish Server" > "Authentication" > "Passwords" > "Encoded Passwords"
        • Chapter 1, "Administering System Security" > "Administering Passwords" > "To Set a Password From a File"
        • Chapter 6, "Running in a Secure Environment" > Table 6–1, "Securing the GlassFish Server Host" > "Safeguard password files"
        • Chapter 6, "Running in a Secure Environment" > Table 6–2, "Securing GlassFish Server" > "Safeguard password files"
        Paul Davies added a comment -

        [UB]: Affects unbundled documentation.

        Tom Mueller added a comment -

        Bulk update to set Fix Version to "not determined" for issues that had it set to a version that has already been released.

        Mike Fitch added a comment -

        Removing [UB] from summary so this issue shows up in the bundled doc queries for 4.0, given the comment "We should also add this to the asadmin man page (too late to do this for 3.1.2)" in the description.

        Mike Fitch added a comment -

        For real this time.

        Mike Fitch added a comment -

        Added the following to --passwordfile in the asadmin man page:

        "Note that any password file created to pass as an argument by using the --passwordfile option should be protected with file system permissions. Additionally, any password file being used for a transient purpose, such as setting up SSH among nodes, should be deleted after it has served its purpose."

        This addition will become accessible in GlassFish when the next main-docs build is promoted and picked up by GlassFish builds.

        Mike Fitch added a comment -

        Addition included in main-docs 4.0_b26, which began getting picked up by GlassFish builds as of revision 61028.
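
        The two practices this issue asks to be documented (owner-only permissions on the password file, and deleting it once the asadmin command has run), as an added shell sketch that is not part of the issue or of GlassFish's own code. `ASADMIN` and `AS_USER` are assumed override variables, and `list-applications` in the usage comment is only an illustrative subcommand.

```shell
#!/bin/sh
# Added example (not GlassFish project code): a transient, owner-only
# password file for "asadmin --passwordfile", deleted after use.

# Succeeds only if $1 is a regular file (not a symlink) that we own and
# that grants no permissions at all to group or other.
passwordfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;   # e.g. -rw------- or -r--------
        *)           return 1 ;;
    esac
}

# Reads the admin password from stdin (so it never appears in argv),
# writes it to a fresh 0600 file, runs asadmin with the given subcommand
# and arguments, and removes the file on every exit path.
# The body is a subshell, so the traps and umask do not leak to the caller.
run_asadmin_with_password() (
    umask 077
    IFS= read -r pw || [ -n "$pw" ] || exit 1
    pwfile=$(mktemp "${TMPDIR:-/tmp}/aspw.XXXXXX") || exit 1
    trap 'rm -f -- "$pwfile"' EXIT
    trap 'exit 130' HUP INT TERM
    printf 'AS_ADMIN_PASSWORD=%s\n' "$pw" > "$pwfile"
    # Refuse to continue if the file is somehow not private.
    passwordfile_is_private "$pwfile" || exit 1
    "${ASADMIN:-asadmin}" --user "${AS_USER:-admin}" \
        --passwordfile "$pwfile" "$@"
)

# Usage (illustrative):
#   run_asadmin_with_password list-applications < /dev/tty
```

        For a password file that must persist, `passwordfile_is_private` can be run on its own before each use to catch permissions that have drifted.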


          People

          • Assignee:
            Mike Fitch
            Reporter:
            Joe Di Pol