Skip to main content

Source code revision


summary: Fix for CR 6944767
revision: 36538
author: tjquinn
date: 2010-04-21 19:41:54 UTC (5 years)
message: Fix for CR 6944767

The RemoteDeploymentFacility (which provides callable deployment-related services and underlies the JSR-88 implementation) mimics CLI commands by preparing command options and then submitting such commands remotely. It had used the programmatic equivalent of the --passwordfile filePath option on asadmin commands by creating a temporary file containing the password passed in as an argument and then deleting the file after the command completed. This is a security risk for the time the file exists because it contains the password.

These changes use the password option (which is a security risk if used on a command line but is preferred in a callable setting) instead of passwordfile.

(This check-in is to the 3.0.1 branch and is functionally identical to the corresponding main trunk change.)

Tests: deployment and ejb devtests, QL tests
Change Path Actions
M branches/3.0.1/deployment/client/src/main/java/org/glassfish/deployment/client/
Please Confirm