qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-4352) Java client logs key_store_password/trust_store_password at debug
Date Sat, 29 Sep 2012 21:36:07 GMT
Keith Wall created QPID-4352:
--------------------------------

             Summary: Java client logs key_store_password/trust_store_password at debug
                 Key: QPID-4352
                 URL: https://issues.apache.org/jira/browse/QPID-4352
             Project: Qpid
          Issue Type: Bug
          Components: Java Client
            Reporter: Keith Wall
            Assignee: Keith Wall
             Fix For: 0.19


When run in DEBUG, the Qpid client logs the trust store/key store passwords to the log.  This
could present a security issue.

{noformat}
main 2012-09-29 22:32:54,558 DEBUG [apache.qpid.client.AMQConnection] Connection(1):amqp://guest:********@test/?brokerlist='tcp://localhost:15671?trust_store_password='password'&trust_store='test-profiles/test_resources/ssl/java_client_truststore.jks'&ssl_verify_hostname='true'&ssl='true'&key_store_password='password'&key_store='test-profiles/test_resources/ssl/java_client_keystore.jks''
{noformat}

The code should be changed to mask these passwords in the same fashion as the client's password.
 This change was made by QPID-1208.



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message