APAR status
Closed as program error.
Error description
Description: When client installs a new CICS resource adapter
the "keyringpassword" custom property's value is clear text. Its
visible in clear text in the Administrative Console and in
resource.xml file
Local fix
No local fix available
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server administrative *
* console users who add resource adapters to *
* their environment *
****************************************************************
* PROBLEM DESCRIPTION: On installing a rar file if the *
* custom properties contain password *
* kindd of fields, they are shown in *
* plain text. The values of password *
* kinds of fields should not be exposed *
****************************************************************
* RECOMMENDATION: *
****************************************************************
Custom properties are the properties defined which are
required by the external system to which we are attempting to
connect using the rar.
These fields are the properties of the rar and are not known
to Application Server and as such, Application Server cannot
identify which of these fields are to be encoded.
As a solution to this problem, code changes have been made to
iterate over each of the custom properties and if the property
contains "password or Password" as part of its name then it
will be encoded.
As an example , if the rar has a custom property named
KeyRingPassword, then its value will be encoded.
Problem conclusion
With the code fix in place, the values of custom properties
which are password kind of fields are encoded in resources.xml.
And they are displayed as "*****" in the administrative console.
The APAR has been targetted for 5.1.1.7 and 5.0.2.14
service packs
Please refer to the recommended updates page for delivery
information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix Comments
APAR information |
APAR number |
PK08205 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2005-06-29 |
Closed date |
2005-08-30 |
Last modified date |
2005-11-07 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
|
Fix information |
Fixed component name |
WAS BASE 5.0 |
Fixed component ID |
5630A3600 |
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|