APAR status
Closed as program error.
Error description
Problem:
After specify the authentication data in the j2c data entry
field of a jdbc provider using console , rightclick mouse
somewhere in the generl properties of the Configuration panel
and then select view source. The password was found to be not
encoded.
Re-creation steps:WebSphere 5.0.1/base
1)Open console-->Security--> JAAS Configuration --> J2C
Authentication Data --> Added new entries for 'Alias', 'Userid'
and 'PasswordSo urce --> Password seems to be not encoded .'
-->save
2) Right click on General Properties of J2C Authentication
data-->View Source --> Password seems to be not encoded .
<input type="password" name="password" size="30"
value="vikram" id="password">
Local fix
No Work Around found.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server v5.x *
* administrative console users *
****************************************************************
* PROBLEM DESCRIPTION: When viewing html source of admin *
* console page, password fields are in *
* plain txt. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
HTML does not encode password value in its source.
The admin console is responsible for randering the html page and
needs to be modified to encode the password in html source.
Problem conclusion
Modified the admin console code so html source does not
contain password value in plain text.
Temporary fix
test fixes available for 5.0.1 base and ND
Comments
APAR information |
APAR number |
PQ78968 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2003-09-27 |
Closed date |
2004-05-10 |
Last modified date |
2004-05-10 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|