This is an automated email from the ASF dual-hosted git repository.
elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git
commit b459d853750e3b8ddd15b97811439e650cadf208
Author: emmanuel lecharny <emmanuel.lecharny@busit.com>
AuthorDate: Wed Nov 6 15:32:01 2019 +0100
Remove the credentials from the toString() method (security breach)
---
.../server/core/api/interceptor/context/BindOperationContext.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/core-api/src/main/java/org/apache/directory/server/core/api/interceptor/context/BindOperationContext.java
b/core-api/src/main/java/org/apache/directory/server/core/api/interceptor/context/BindOperationContext.java
index 52eb221..918ae48 100644
--- a/core-api/src/main/java/org/apache/directory/server/core/api/interceptor/context/BindOperationContext.java
+++ b/core-api/src/main/java/org/apache/directory/server/core/api/interceptor/context/BindOperationContext.java
@@ -199,8 +199,7 @@ public class BindOperationContext extends AbstractOperationContext
@Override
public String toString()
{
- return "BindContext for Dn '" + getDn().getName() + "', credentials <"
- + ( credentials != null ? Strings.dumpBytes( credentials ) : "" ) + ">"
+ return "BindContext for Dn '" + getDn().getName()
+ ( saslMechanism != null ? ", saslMechanism : <" + saslMechanism + ">"
: "" )
+ ( saslAuthId != null ? ", saslAuthId <" + saslAuthId + ">" : "" );
}
|