[ https://issues.apache.org/jira/browse/CLOUDSTACK-6252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13956874#comment-13956874 ]

Wilder Rodrigues commented on CLOUDSTACK-6252:
----------------------------------------------

Hi John,

Sorry for the delay. I'm looking into the code and realised that there is 
indeed a key that should be in the db.properties file, but by default it's not.

In the EncryptionSecretKeyChecker I found this:

String encryptionType = dbProps.getProperty("db.cloud.encryption.type");

If the property above is not present in the db.properties, then the whole 
encryption is skipped.

When I tested CloudStack 4.3.0, my db.properties did not have such a property. 
Also, since I was not migrating anything, but just creating a brand new 
environment, the EncryptionSecretKeyChanger class hasn't done anything.

Perhaps it means that when we install it from scratch for the very first time, 
db encryption won't take place.

If you think it makes sense, I can perform the tests again.

Cheers,
Wilder 

> Host password is stored in the database in the clear
> ----------------------------------------------------
>
>                 Key: CLOUDSTACK-6252
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6252
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Management Server
>    Affects Versions: Future
>         Environment: Management Server running on Debian 7
> DevCloud running on XenServer 6.2
>            Reporter: Wilder Rodrigues
>            Assignee: Wilder Rodrigues
>
> Via the Management Server UI, when creating an advanced Zone and adding a 
> host to it, the host password is stored in the database in the clear.
> All passwords should be encrypted before being stored.
> Check details below:
> mysql> select * from host_details;
> +----+---------+----------------------------------------------------+----------------------------------------+
> | id | host_id | name                                               | value                                  |
> +----+---------+----------------------------------------------------+----------------------------------------+
> |  1 |       1 | product_version                                    | 6.2.0                                  |
> |  2 |       1 | com.cloud.network.Networks.RouterPrivateIpStrategy | DcGlobal                               |
> |  3 |       1 | private.network.device                             | Pool-wide network associated with eth0 |
> |  4 |       1 | Hypervisor.Version                                 | 4.1.5                                  |
> |  5 |       1 | Host.OS                                            | XenServer                              |
> |  6 |       1 | Host.OS.Kernel.Version                             | 2.6.32.43-0.4.1.xs1.8.0.835.170778xen  |
> |  7 |       1 | wait                                               | 600                                    |
> |  8 |       1 | password                                           | changeme                               |
> |  9 |       1 | url                                                | 10.1.1.203                             |
> | 10 |       1 | username                                           | root                                   |
> | 11 |       1 | xs620_snapshot_hotfix                              | false                                  |
> | 12 |       1 | product_brand                                      | XenServer                              |
> | 13 |       1 | product_version_text_short                         | 6.2                                    |
> | 14 |       1 | Host.OS.Version                                    | 6.2.0                                  |
> | 15 |       1 | instance.name                                      | VM                                     |
> +----+---------+----------------------------------------------------+----------------------------------------+



--
This message was sent by Atlassian JIRA
(v6.2#6252)
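
The condition described in the comment above, written as an audit check: an added example, not CloudStack code and not part of the original message. The function names, the secret-name heuristic, the treatment of a blank value as missing, and all sample data are assumptions made for illustration.

```python
import re

ENC_KEY = "db.cloud.encryption.type"  # property name quoted in the comment above
SECRET_NAMES = re.compile(r"password|secret", re.I)  # assumed heuristic


def parse_properties(text):
    """Small reader for Java .properties text: '#'/'!' comments, '=' or ':'
    separators and backslash line continuations. Escapes are not decoded."""
    props, buf = {}, ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a dangling line
        line = raw.lstrip()
        if not buf and (not line or line[0] in "#!"):
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2:  # odd trailing backslashes
            buf += line[:-1]
            continue
        match = re.match(r"([^=:\s]*)\s*[=:]?\s*(.*)", buf + line)
        props[match.group(1)] = match.group(2)
        buf = ""
    return props


def audit(db_properties_text, host_details):
    """Return findings for a db.properties text and (name, value) rows from
    host_details. Rows are only flagged when encryption is not configured."""
    value = parse_properties(db_properties_text).get(ENC_KEY)
    if value is not None and value.strip():
        return []
    # Assumption: a blank value is reported the same way as a missing one.
    state = "missing" if value is None else "blank"
    findings = [f"{ENC_KEY} is {state}: encryption is skipped"]
    findings += [f"host_details.{name} is stored in the clear"
                 for name, _ in host_details if SECRET_NAMES.search(name)]
    return findings


# Constructed samples, not taken from a real installation.
FRESH_INSTALL = """\
# db.properties of a brand new environment (constructed)
db.cloud.username=cloud
db.cloud.host = localhost
#db.cloud.encryption.type=EXAMPLE_TYPE
"""
CONFIGURED = FRESH_INSTALL + "db.cloud.encryption.type: EXAMPLE_TYPE\n"
ROWS = [("username", "root"), ("password", "constructed-value"),
        ("url", "192.0.2.10")]

if __name__ == "__main__":
    for finding in audit(FRESH_INSTALL, ROWS):
        print(finding)
```

A commented-out property counts as missing, which is why the fresh-install sample is flagged.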
