Details
-
Suggestion
-
Resolution: Won't Do
-
None
-
None
-
None
-
1
-
Description
Currently the approved method of starting Synchrony as a service involves storing the database credentials in clear text in a systemd configuration file. Even if you lock this file down, or assign it as a variable in a users .bash_profile it is not a best practice. Suggesting that some more secure mechanism be provided to deal with this within the application. For example LUKS in RHEL 7 could be used for this purpose, but there needs to be some work in Confluence to support this mechanism.
Attachments
Issue Links
- relates to
-
CONFSERVER-53085 Move sensitive information out of Synchrony JVM arguments
- Closed