powered by Jive Software

Bugs: During setup: password field truncated at 50 chars, multiple "bin/openfire" bugs, bug reporting process cumbersome

In the Openfire 3.3.2 binary tarball:

  1. In the “Openfire Setup” web UI at “/setup/setup-datasource-standard.jsp” password field is needlessly (I assume) truncated at 50 characters. Users who wish to use a strong database password are prevented from doing so.

  2. If the user that runs the startup script bin/openfire has openfire’s installation directory (e.g., “/opt/openfire”) as his home directory, the file “$db_file” (declared on line 12) conflicts with a pre-existing directory (.install4j). The startup script complains “/opt/openfire/.install4j is a directory.” Openfire’s installation directory is a reasonable choice for the home directory of a dedicated user (n.b., I haven’t gotten beyond the installation yet. I’m assuming it’s possible to run openfire as an unprivileged user.)

  3. On line 12 of bin/openfire “$db_file” is set to “$HOME/.install4j”, yet the value “$HOME/.install4j” is referred to directly in three different places later in the script (meaning that a user that choses to change the assignment of “$db_file” will get unexpected behavior.)

  4. It would be nice if it weren’t so much trouble to submit bugs. For example, would it be possible to allow anonymous users to post to a bug forum using CAPTCHAs? As far as I can determine, if a user wishes to report a bug, he’s must create an account first (…I could be wrong. I couldn’t find such a thing.)

Here’s a patch that addresses number’s 2 and 3 from above:

— openfire 2007-06-22 15:29:06.000000000 -0400

+++ openfire.new 2007-09-03 08:19:55.608542236 -0400

@@ -9,7 +9,7 @@

if [ -n “$INSTALL4J_NO_DB” ]; then

return 1

fi

  • db_file=$HOME/.install4j
  • db_file=$HOME/.install4j.db_file

if [ ! -f “$db_file” ]; then

return 1

fi

@@ -160,7 +160,7 @@

read file_jvm_home < “$app_home/.install4j/pref_jre.cfg”

test_jvm “$file_jvm_home”

if [ -z “$app_java_home” ] && [ $tested_jvm = “false” ]; then

  •    rm $HOME/.install4j
    
  •    rm $db_home
    

test_jvm “$file_jvm_home”

fi

fi

@@ -201,7 +201,7 @@

read file_jvm_home < “$app_home/.install4j/inst_jre.cfg”

test_jvm “$file_jvm_home”

if [ -z “$app_java_home” ] && [ $tested_jvm = “false” ]; then

  •    rm $HOME/.install4j
    
  •    rm $db_file
    

test_jvm “$file_jvm_home”

fi

fi

@@ -211,7 +211,7 @@

echo No suitable Java Virtual Machine could be found on your system.

echo The version of the JVM must be at least 1.5.

echo Please define INSTALL4J_JAVA_HOME to point to a suitable JVM.

  • echo You can also try to delete the JVM cache file $HOME/.install4j
  • echo You can also try to delete the JVM cache file $db_file

exit 83

fi

Hi,

the bug tracking system is a closed one, so even if you create a JIRA account you can not report bugs, one should do this in this forum here.

I guess that no one had the idea of using a longer password, I see little benefit in using a lot of characters. One should probably configure the database server to make sure that only the Openfire server and the DBA can connect and that after n failed logins the account will be locked. So there’s little need in a very long password.

I did create JM-1108 for the script issue while you may want to edit you post and use … around your patch - see http://www.igniterealtime.org/community/markuphelpfull.jspa - so one can read it.

LG