qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Rudyy (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-3763) AMQConnectionDelegate_0_10 incorrectly prints password to log file
Date Mon, 23 Jan 2012 16:58:39 GMT

    [ https://issues.apache.org/jira/browse/QPID-3763?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13191251#comment-13191251

Alex Rudyy commented on QPID-3763:

Hi Weston,

IMHO, with current implementation seeing  6 '*' characters for a password when Kerberos (or
any other non-password) authentication is used could be a bit misleading.

I would say that it could be more clear to either  
 mask each password characters with "*" char and display the exact number of "*" characters
as the number of characters in password
or stop printing password and any password mask characters.

What do you think about it?

> AMQConnectionDelegate_0_10 incorrectly prints password to log file
> ------------------------------------------------------------------
>                 Key: QPID-3763
>                 URL: https://issues.apache.org/jira/browse/QPID-3763
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>         Environment: All OS platforms.
>            Reporter: Weston M. Price
>            Assignee: Weston M. Price
>            Priority: Critical
>             Fix For: 0.15
>         Attachments: QPID-3763.patch
> The AMQConnectionDelegate_0_10 prints password information to the log file. This should
be replaced with the standard '******' pattern. Also, I think we should go through the JMS
client and determine if this is being done anywhere else. 

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

View raw message