Bug ID: 4417626
Votes: 0
Synopsis: jmqobjmgr echoes entered password (credentials)
Category: jmq:admin
Reported Against: 2.0beta
Release Fixed: 3.0(3.0fcs)
State: 11-Closed, Unverified, bug
Priority: 4-Low
Related Bugs: 4093009, 4105487, 4050435
Submit Date: 21-FEB-2001

Description
When any of the JNDI security attributes are not specified via the -r option
in jmqobjmgr, they are prompted for:
--------------------------------------------------------------------------------
% jmqobjmgr add -t t -r "java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory" -r "java.naming.provider.url=ldap://jpgserv:389/ou=JMSObj, ou=isa, o=JMQ" -r "java.naming.security.authentication=simple" -l myTopic
Adding a Topic customer with the following attributes:
JMQDestinationName [Destination Name] untitled
Using the the following lookup name:
myTopic
To the customer store specified by:
java.naming.factory.initial com.sun.jndi.ldap.LdapCtxFactory
java.naming.provider.url ldap://jpgserv:389/ou=JMSObj, ou=isa, o=JMQ
java.naming.security.authentication simple
Enter the value for java.naming.security.principal:
--------------------------------------------------------------------------------
Essentially, the values for the following properties are prompted for:
java.naming.security.principal
java.naming.security.credentials
The issue here is that the entered information is visible and not hidden
or echoed as '*'.

Work Around: N/A

Evaluation
xxxxx@xxxxx 2001-02-21
-------------------------
Java currently has no support for doing this. See bugs:
4105487 - java.io classes need a way to hide console input (EG: passwd) like setEchoChar()
4050435 - TTY: Add support for password prompting [getpass(3c), but better]
4093009 - turn echo off when typing sensitive information
So, to do this (as we did in JMQ 1.1), native code needs to be written.
Integration of this into the codebase right now is not seen as something that is
worthwhile - we do have to worry about Solaris, NT, Linux.
For JMQ 2.0 FCS, we will continue to echo the typed password on the
command line - no change needed. Post FCS, we will see if this is an
important issue for customers and plan for the next release.
xxxxx@xxxxx 2001-02-23
--------------------------
This echoing of passwd also occurs in jmqusermgr, jmqcmd.
Isa spoke with Chris about this and he said to leave it for now
because he's not sure if it's worth the trouble.
If we do have to solve this in the future, Chris said we can build
the Linux .so by hand and check the .so into the tree.
For 2.0 FCS, we will continue to echo the typed passwd on the cmd
line. Post FCS, we will see if this is an important issue for
customers and plan for the next release.
xxxxx@xxxxx 2002-05-23
------------------------------
Admin now prompts for passwd/credentials without echo chars in the
following cases:
o imqcmd
    imqcmd prompts for the administrator username and password if
    the -u and/or -p options are not specified. We will continue to
    echo the username when typed in. For the password, we will not
    echo any characters when the password is typed in if the native
    code to do this is available.
o imqobjmgr
    In imqobjmgr, if the JNDI property
    java.naming.security.authentication=simple we prompt the user
    for two additional JNDI values if either of them has not been
    specified. It will prompt the user for:
      + java.naming.security.principal
      + java.naming.security.credentials
    We will continue to echo the value to
    java.naming.security.principal. We will not echo the value to
    java.naming.security.credentials if the native code to do this
    is available. For any other case where
    java.naming.security.authentication is not set to simple, the
    user is on their own to specify the necessary JNDI attributes
    when connecting to LDAP.
o imqadmin
    In imqadmin, if the JNDI property
    java.naming.security.authentication=simple we prompt the user
    for two additional JNDI values if either of them has not been
    specified. It will prompt the user for:
      + java.naming.security.principal
      + java.naming.security.credentials
    We echo the value to java.naming.security.principal. We do not
    echo the value to java.naming.security.credentials. For any
    other case where java.naming.security.authentication is not set
    to simple, the user is on their own to specify the necessary
    JNDI attributes when connecting to LDAP.
o imqusermgr
    imqusermgr prompts for the username and password if the -u
    and/or -p options are not specified. We will continue to echo
    the username when typed in. For the password, we will not echo
    any characters when the password is typed in if the native code
    to do this is available.
xxxxx@xxxxx 2003-11-04
-----------------------------
Verified on Solaris.
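
The Evaluation above says that hiding the typed credentials needed native code. The following is an added example, not JMQ's own code: a POSIX-only (Solaris, Linux) routine that turns terminal echo off for one line of input and reports when it could not, which matches the "if the native code to do this is available" fallback. The helper name read_secret and its return convention are assumptions; NT would need a different API.

```c
/* Added example, not JMQ code: POSIX (Solaris, Linux) no-echo line read. */
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* read_secret is a hypothetical helper. It reads one line from fd into buf
 * (NUL-terminated, newline stripped, silently truncated to len - 1 bytes).
 * Returns 1 if echo was turned off, 0 if fd is not a terminal so nothing
 * could be hidden, -1 on error or end of input before any data. */
int read_secret(int fd, const char *prompt, char *buf, size_t len)
{
    struct termios saved, quiet;
    int hidden = 0;
    size_t n = 0;
    ssize_t r;
    char c;

    if (len == 0) return -1;
    if (tcgetattr(fd, &saved) == 0) {        /* succeeds only on a terminal */
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;    /* do not echo typed characters */
        quiet.c_lflag |= ECHONL;             /* but still echo the Enter key */
        if (tcsetattr(fd, TCSAFLUSH, &quiet) != 0) return -1;
        hidden = 1;
    }
    fputs(prompt, stderr);
    while ((r = read(fd, &c, 1)) == 1 && c != '\n') {
        if (n + 1 < len) buf[n++] = c;       /* drop bytes that do not fit */
    }
    buf[n] = '\0';
    if (hidden) tcsetattr(fd, TCSAFLUSH, &saved);   /* restore saved settings */
    if (r < 0 || (r == 0 && n == 0)) return -1;
    return hidden;
}

int main(void)
{
    char cred[256];
    int rc = read_secret(STDIN_FILENO,
        "Enter the value for java.naming.security.credentials: ",
        cred, sizeof cred);
    if (rc == 0)
        fputs("warning: not a terminal, input was not hidden\n", stderr);
    return rc < 0;
}
```

A production version would also restore the saved terminal settings if the process is interrupted while the prompt is open.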