PQ76089: J2C RESOURCE ADAPTERSPROPERTIES PASSWORD SHOWS AS PLAIN TEXT IN ADMIN CONSOLE AND XML FILE (XMLCONFIG EXPORT)

 A fix is available

4.0.7: WebSphere Application Server Version 4.0 Fix Pack 7



APAR status
Closed as program error.

Error description
J2C Resource AdaptersProperties password shows as plain text in
admin console and xml file (xmlconfig export)
From console
-Resources
 -J2C Resource Adapters(Right Click)
 and... from "J2C Resource AdaptersProperties" window
-select "advanced" tab
Here specify a property name as a "password" and associate this
with an value.
-console and xml export displays this value as typed
XML output....
<config-property name="Password" value="mypassword">
<type>java.lang.String</type>
</config-property>
This password value needs to be encrypted


Target date is Sepetember 7, 2003.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server 4.0 Advanced    *
*                 Edition users exporting Connector            *
*                 Architecture ( J2C ) resources.              *
****************************************************************
* PROBLEM DESCRIPTION: Viewing or exporting J2C resources      *
*                      displays the password in plain text.    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When J2C resources are viewed on the Admin Console, the
passwords are visible in plain text.  Also, data exported using
XMLConfig will show the password in plain text as well.
Problem conclusion
The code was not checking whether there are fields in J2C
resources that require masking.  The code was modified to
address this issue.
Temporary fix
This is in reality the final fix.  ALl the work is done.
I do not anticipate any problems.  However, as a formality
I am treating this as required for getting feedback from
Liberty Mutual.
Comments
Fix is complete.  Uploaded to 
pq99999.  No problems are
anticipated in installation at .  However, it will be
good to get CU feedback. I am setting Sep 27 as the date
for feedback, APAR publication, and APAR closure.
Unfortunately, I did not know that there was a fixtest
requirement before closure.  Hence the target date extension.
APAR information
APAR number PQ76089
Reported component name WEBSPHERE AE SO
Reported component ID 5630A2202
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-07-08
Closed date 2003-09-24
Last modified date 2003-09-24

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
J2CConfi J2CConne ctionFac gPropert java tory
yTable          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ76089
IBM Group: Software Group
Modified date: Sep 24, 2003