|summary:||Fix for CR 6944767|
|date:||2010-04-21 19:41:54 UTC (5 years)|
|message:||Fix for CR 6944767
The RemoteDeploymentFacility (which provides callable deployment-related services and underlies the JSR-88 implementation) mimics CLI commands by preparing command options and then submitting such commands remotely. It had used the programmatic equivalent of the --passwordfile filePath option on asadmin commands by creating a temporary file containing the password passed in as an argument and then deleting the file after the command completed. This is a security risk for the time the file exists because it contains the password.
These changes use the password option (which is a security risk if used on a command line but is preferred in a callable setting) instead of passwordfile.
(This check-in is to the 3.0.1 branch and is functionally identical to the corresponding main trunk change.)
Tests: deployment and ejb devtests, QL tests