Download
Abstract
Database User Password is printed in FFDC log in cleartext.
Download Description
PK86137 resolves the following problem:
ERROR DESCRIPTION:
WebSphere Application Server 7.0.0.1 ND
When the Database user and password are set using the wsadmin scripts while configuring the JAAS-J2C Authentication Data, the password value appears in clear text in the FFDC logs.
The problem can be confirmed by looking for the following entry in the FFDC log:
com.ibm.db2.jcc.DB2PooledConnection::password_:my_password
"my_password" appears in clear text which should not be the case.
LOCAL FIX:
N/A
PROBLEM SUMMARY
USERS AFFECTED:
All users of IBM WebSphere Application Server V6.1 and V7.0
PROBLEM DESCRIPTION:
Database User Password is printed in FFDC log in cleartext.
RECOMMENDATION:
None
When JAAS-J2C authentication data is set and execution of the interaction represented by InteractionSpec fails, an FFDC is generated. The FFDC contains the password in plain text.
The FFDC:
[6/15/09 2:19:12:921 SGT] FFDC
Exception:javax.resource.ResourceException
SourceId:com.ibm.ws.rsadapter.cci.WSInteractionImpl.execute ProbeId:139
Reporter:com.ibm.ws.rsadapter.cci.WSInteractionImpl@2c132c13
javax.resource.ResourceException
    at com.ibm.ws.rsadapter.cci.WSInteractionImpl.execute(WSInteractionImpl.java:457)
    at com.ibm.wsspi.ejbpersistence.WSEJBToRAAdapter.executeFinder(WSEJBToRAAdapter.java:212)
    at com.ibm.ws.rsadapter.cci.WSRelationalRAAdapter.executeFinder(WSRelationalRAAdapter.java:433)
    at com.ibm.ws.ejbpersistence.dataaccess.DataAccessRequestImpl.executeOneRowFBPK(DataAccessRequestImpl.java:576)
    at com.ibm.ws.ejbpersistence.beanextensions.ConcreteBeanStatefulInstanceExtensionImpl.fetchRecordFromDataStore(ConcreteBeanStatefulInstanceExtensionImpl.java:910)
    at com.ibm.ws.ejbpersistence.beanextensions.ConcreteBeanStatefulInstanceExtensionImpl.hydrateRecordForLoad(ConcreteBeanStatefulInstanceExtensionImpl.java:839)
In the FFDC the password would be printed:
com.ibm.db2.jcc.DB2PooledConnection::password_:my_password
PROBLEM CONCLUSION:
Added the FFDC introspectSelf method to the class that was printing the password. It is called automatically and prints only the relevant FFDC information, formatted as a String array, excluding sensitive information.
The fix for this APAR is currently targeted for inclusion in fix packs 6.1.0.29 and 7.0.0.7. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
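To check existing FFDC files for entries of the kind shown above, the following added example (not IBM code and not part of the fix) finds and masks them. It assumes other affected fields use the same class::field:value layout as the password_ entry; the user_ and loginTimeout_ sample lines are constructed.

```python
import re

# Matches introspection dump entries of the form shown in this APAR:
#   <class>::<field>:<value>   where the field name contains "password".
# Assumption: other affected fields follow the same class::field:value layout.
SECRET_FIELD = re.compile(
    r"(?P<prefix>(?P<cls>[\w.$]+)::(?P<field>\w*password\w*):)(?P<value>\S+)",
    re.IGNORECASE,
)
MASK = "********"


def find_exposures(lines):
    """Return (line_number, class, field) for each cleartext password entry."""
    hits = []
    for num, line in enumerate(lines, start=1):
        for m in SECRET_FIELD.finditer(line):
            # Skip values that an earlier scrub already replaced with asterisks.
            if set(m.group("value")) != {"*"}:
                hits.append((num, m.group("cls"), m.group("field")))
    return hits


def redact(lines):
    """Return a copy of the lines with password values replaced by a mask."""
    return [SECRET_FIELD.sub(lambda m: m.group("prefix") + MASK, line)
            for line in lines]


# Constructed sample: the password_ entry is the one quoted in this APAR,
# the user_ and loginTimeout_ entries are made up for contrast.
SAMPLE = [
    "[6/15/09 2:19:12:921 SGT] FFDC Exception:javax.resource.ResourceException",
    "com.ibm.db2.jcc.DB2PooledConnection::user_:dbuser",
    "com.ibm.db2.jcc.DB2PooledConnection::password_:my_password",
    "com.ibm.db2.jcc.DB2PooledConnection::loginTimeout_:0",
]

if __name__ == "__main__":
    for num, cls, field in find_exposures(SAMPLE):
        print(f"line {num}: {cls} exposes {field}")
    print("\n".join(redact(SAMPLE)))
```

A password that appeared in an FFDC file should also be changed, since masking the log does not undo earlier reads of it.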
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Document Information
Modified date:
07 October 2019
UID
swg24023927