mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Abramovich (JIRA)" <j...@apache.org>
Subject [jira] Created: (FTPSERVER-120) FtpServer should not log passwords in clear text.
Date Tue, 01 Apr 2008 22:13:24 GMT
FtpServer should not log passwords in clear text.
-------------------------------------------------

                 Key: FTPSERVER-120
                 URL: https://issues.apache.org/jira/browse/FTPSERVER-120
             Project: FtpServer
          Issue Type: Bug
            Reporter: Daniel Abramovich
            Priority: Minor


Those log statements are logged by the MINA logging filter and there's
not much we can do about that one (expect for not including in the
default setup). We could roll our own logging filter that takes out
the password. Please file a JIRA ticket and I'll take care of it.

/niklas


> Hi,
>
>
>
>  I'd like to make a suggestion that passwords not be logged in clear
>  text. For example:
>
>
>
>  Thu Mar 27 2008 00:06:08,762 EDT INFO
>  org.apache.ftpserver.listener.mina.MinaFtpProtocolHandler -
>  [/10.6.20.226:63995] RECEIVED: PASS admin
>
>
>
>  We find the protocol logging to be useful, but logging of passwords will
>  make security folks unhappy. Perhaps, it could just log ******* or
>  somesuch?
>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message