IBM Support

PK86137; 7.0.0.5: sensitive information printed in FFDC log

Download


Abstract

Database User Password is printed in FFDC log in cleartext.

Download Description

PK86137 resolves the following problem:

ERROR DESCRIPTION:
WebSphere Application Server 7.0.0.1 ND

When the Database user and password are set using the wsadmin scripts while configuring the JAAS-J2C Authentication Data, the password value appears in clear text in the FFDC logs.

The following entry in the FFDC log confirms the problem:

com.ibm.db2.jcc.DB2PooledConnection::password_:my_password

"my_password" appears in clear text, which should not be the case.

LOCAL FIX:
N/A

PROBLEM SUMMARY

USERS AFFECTED:
All users of IBM WebSphere Application Server V6.1 and V7.0

PROBLEM DESCRIPTION:
Database User Password is printed in FFDC log in cleartext.

RECOMMENDATION:
None

When JAAS-J2C authentication data is set and execution of the interaction represented by an InteractionSpec fails, an FFDC record is generated. The FFDC record contains the password in plain text.
The FFDC:

[6/15/09 2:19:12:921 SGT] FFDC
Exception:javax.resource.ResourceException
SourceId:com.ibm.ws.rsadapter.cci.WSInteractionImpl.execute
ProbeId:139
Reporter:com.ibm.ws.rsadapter.cci.WSInteractionImpl@2c132c13
javax.resource.ResourceException
at com.ibm.ws.rsadapter.cci.WSInteractionImpl.execute(WSInteractionImpl.java:457)
at com.ibm.wsspi.ejbpersistence.WSEJBToRAAdapter.executeFinder(WSEJBToRAAdapter.java:212)
at com.ibm.ws.rsadapter.cci.WSRelationalRAAdapter.executeFinder(WSRelationalRAAdapter.java:433)
at com.ibm.ws.ejbpersistence.dataaccess.DataAccessRequestImpl.executeOneRowFBPK(DataAccessRequestImpl.java:576)
at com.ibm.ws.ejbpersistence.beanextensions.ConcreteBeanStatefulInstanceExtensionImpl.fetchRecordFromDataStore(ConcreteBeanStatefulInstanceExtensionImpl.java:910)
at com.ibm.ws.ejbpersistence.beanextensions.ConcreteBeanStatefulInstanceExtensionImpl.hydrateRecordForLoad(ConcreteBeanStatefulInstanceExtensionImpl.java:839)


In the FFDC, the password would be printed:

com.ibm.db2.jcc.DB2PooledConnection::password_:my_password

PROBLEM CONCLUSION:
Added the FFDC introspectSelf method to the class that was printing the password. It is called automatically to print only the relevant FFDC information, formatted as a String array, excluding sensitive information.

The fix for this APAR is currently targeted for inclusion in fix packs 6.1.0.29 and 7.0.0.7. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
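
To check FFDC logs written before the fix is applied for entries of the form shown above, the following Python example (added here, not IBM code) reports the class and field of each cleartext password entry without echoing the value, and can mask the value in a copy of the log. The password-like field names and the values treated as harmless (empty, null, asterisks) are assumptions.

```python
import re

# Field-dump form quoted in the APAR: <class>::<field>:<value>, one per line.
# Assumption: a field whose name contains password/passwd/pwd is a credential.
FIELD_DUMP = re.compile(
    r"(?P<cls>[\w.$]+)::(?P<field>\w*(?:password|passwd|pwd)\w*):(?P<value>.*)",
    re.IGNORECASE,
)
# Assumption: an empty, null or all-asterisk value means no secret was written.
HARMLESS = re.compile(r"^(?:null|\*+|)$", re.IGNORECASE)


def find_leaks(lines):
    """Return (line_number, class, field) for each cleartext password field.

    The value itself is never returned, so the findings are safe to report.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        m = FIELD_DUMP.search(line)
        if m and not HARMLESS.match(m.group("value").strip()):
            hits.append((number, m.group("cls"), m.group("field")))
    return hits


def redact(line):
    """Mask a leaked value to end of line, keeping class and field for triage."""
    def mask(m):
        if HARMLESS.match(m.group("value").strip()):
            return m.group(0)
        return f"{m.group('cls')}::{m.group('field')}:********"
    return FIELD_DUMP.sub(mask, line)


# Constructed sample: line 3 is the entry quoted in the APAR, the rest is made up.
SAMPLE = [
    "[6/15/09 2:19:12:921 SGT] FFDC Exception:javax.resource.ResourceException",
    "com.ibm.db2.jcc.DB2PooledConnection::user_:dbuser",
    "com.ibm.db2.jcc.DB2PooledConnection::password_:my_password",
    "com.example.Pool::password_:null",
    "com.example.Pool::dbPwd:********",
]

if __name__ == "__main__":
    for number, cls, field in find_leaks(SAMPLE):
        print(f"line {number}: cleartext value in {cls}::{field}")
    print(redact(SAMPLE[2]))
```

Any password found this way should be treated as exposed to everyone with read access to the log directory and rotated.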

Prerequisites

Please download the UpdateInstaller below to install this fix.

UpdateInstaller (US English, size 7250000, AIX): http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme (US English, size 7695): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK86137/readme.txt

7.0.0.3-WS-WAS-IFPK86137 (7/28/2009, US English, size 17297, AIX)
Fix Central: https://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.3-WS-WAS-IFPK86137&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch
FTP: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK86137/7.0.0.3-WS-WAS-IFPK86137.pak

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Component: Java 2 Connectivity (J2C)
Platform: AIX, Linux, Solaris, Windows
Version: 7.0.0.3; 7.0.0.5
Edition: Base; Network Deployment
Business Unit: Cloud & Data Platform
Line of Business: Automation

Document Information

Modified date:
07 October 2019

UID

swg24023927