Tutorial :How to hide datasource passwords in in Tomcat JMX Beans



Question:

Tomcat exposes a good wealth of information about its internals via JMX. You can see data source, connector usage, thread pools, you name it.

However, it also exposes the password of the JDBC datasource (Catalina->DataSource->javax.sql.DataSource->...). Is there any way to hide this information from being published ?

We've found a way to manage the exposed JMX information via modifying the mbeans-descriptors.xml files contained within the jar files of the Tomcat distribution, however, we're looking for a way to do this without modifying the distribution.

So, how can we hide the password field of a JDBC connection in Tomcat exposed JMX beans ?

Regards, Bulent Erdemir


Solution:1

Just restrict access at JMX level to ones who are authorized.


Solution:2

we use encrypted passwords. the password is "there" but unusable for casual users.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »