What steps will reproduce the problem?
1. check_jmx -username foo -password bar
What is the expected output? What do you see instead?
The password bar shows up in process lists, which is potentially a security
issue.
What version of the product are you using? On what operating system?
1.3, linux (Red Hat Enterprise linux 6.4)
Please provide any additional information below.
Attached is modified JMXQuery.java which adds a -pwfile option, allowing you to
provide the name of a file containing the password instead of the password
itself
on the command line. The specified password file should have the plaintext
password
as the sole contents of the first line of the file. File permissions should be
set
to restrict read access to those authorized to use the password.
WARNING: I am not comfortable programming in Java, so while my modifications
appear to work and do not appear to break any existing functionality, a review
by an experienced Java programmer is certainly called for. Error reporting
could use improvement also.
NOTE: password will still be sent unencrypted over the wire unless SSL is also
used.
Original issue reported on code.google.com by paye...@gmail.com on 11 Mar 2014 at 6:00
Original issue reported on code.google.com by
paye...@gmail.com
on 11 Mar 2014 at 6:00Attachments: