Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [birt-dev] SECURITY ISSUE IN XML!
Title: [birt-dev] SECURITY ISSUE IN XML!
Skip,
 
By "XML definitions", are you referring to the content in a report design file?  I'm not able to reproduce what you'd described. 
What's the parent element of the  <design:dataSourceDesign> that you'd listed?  
BTW, this mailing list is intended for development of the BIRT components.  Any how-to-use question is best posted in the BIRT newsgroup.  Please post follow up questions there, and attach a copy of your report design file.
 
Regards,
Linda

From: birt-dev-bounces@xxxxxxxxxxx on behalf of sstrickland
Sent: Thu 9/27/2007 4:06 PM
To: birt-dev@xxxxxxxxxxx
Subject: [birt-dev] SECURITY ISSUE IN XML!


I configured BIRT to access my iSeries using jdbc.  In the XML definitions,
my password appears in the clear (not encrypted).  This is a showstopper for
me.

BIRT version:  2.2.1.r221_v20070924


Can this be resolved?

Skip Strickland, Analyst
Information Access Group
Costco WHOLESALE
(425) 313-2521
sstrickland@xxxxxxxxxx



              <design:dataSourceDesign>
                <design:name>ISERIESNAME</design:name>
              
<design:odaExtensionId>org.eclipse.birt.report.data.oda.jdbc</design:odaExtensionId>
                <design:publicProperties>
                  <design:properties>
                    <design:nameValue>
                      <design:name>odaDriverClass</design:name>
                    
<design:value>com.ibm.as400.access.AS400JDBCDriver</design:value>
                    </design:nameValue>
                  </design:properties>
                  <design:properties>
                    <design:nameValue>
                      <design:name>odaURL</design:name>
                      <design:value>jdbc:as400://ISERIESNAME</design:value>
                    </design:nameValue>
                  </design:properties>
                  <design:properties>
                    <design:nameValue>
                      <design:name>odaUser</design:name>
                      <design:value>USERID</design:value>
                    </design:nameValue>
                  </design:properties>
                  <design:properties>
                    <design:nameValue>
                      <design:name>odaPassword</design:name>
                      <design:value>UNENCRYPTED PASSWORD</design:value>
                    </design:nameValue>
                  </design:properties>
                  <design:properties>
                    <design:nameValue>
                      <design:name>odaJndiName</design:name>
                    </design:nameValue>
                  </design:properties>
                  <design:properties>
                    <design:nameValue>
                      <design:name>OdaConnProfileName</design:name>
                    </design:nameValue>
                  </design:properties>
                  <design:properties>
                    <design:nameValue>
                      <design:name>OdaConnProfileStorePath</design:name>
                    </design:nameValue>
                  </design:properties>
                </design:publicProperties>
              </design:dataSourceDesign>

--
View this message in context: http://www.nabble.com/SECURITY-ISSUE-IN-XML%21-tf4531404.html#a12931382
Sent from the Eclipse BIRT - Dev mailing list archive at Nabble.com.

_______________________________________________
birt-dev mailing list
birt-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/birt-dev

Back to the top