We're updating the issue view to help you get more done. 

Bitbucket STP should sanitise hazelcase.group.password

Description

The Support Tools Plugin currently passes through the password for hazelcast.group.password in the application.properties config file. While it isn't in itself possible to use this password to join a customer's cluster, it is sensitive customer data that should be sanitised.

e.g. from a customer's support ticket:

1 2 3 # The following should uniquely identify your cluster on the LAN. hazelcast.group.name=customer-name-stash-cluster001 hazelcast.group.password=their-password-was-here

Environment

None

Testing Notes

None

Status

Assignee

Lauretha Rura

Reporter

John Van Der Loo

Labels

None

Add-on Type

None

Team

None

CC

None

Risk factor

None

QA Kickoff Status

None

QA Demo Status

None

Affected Product/s

None

Fix versions

Priority

Major