qpid-dev mailing list archives

From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-6724) Stop writing all usernames within an external password data to the log
Date Tue, 01 Sep 2015 21:09:45 GMT
Keith Wall created QPID-6724:
--------------------------------

             Summary: Stop writing all usernames within an external password data to the log
                 Key: QPID-6724
                 URL: https://issues.apache.org/jira/browse/QPID-6724
             Project: Qpid
          Issue Type: Bug
          Components: Java Broker
            Reporter: Keith Wall
            Priority: Minor


Currently, when the Java Broker starts up using a PlainPasswordFile or Base64MD5PasswordFile
authentication provider, the names of all users contained within the password database are
logged at INFO to the log.  Even though their passwords are not revealed, this seems dubious:
it could still assist a malicious person in successfully compromising an account.







--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
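
A defender-side check for the exposure described in the message above, as an added example that is not part of the original message or the Qpid code base: it reads a password file in `username:secret` form and reports log lines at INFO or above that contain one of those usernames. The log layout, the sample entries and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not Qpid output): a "username:secret" password file
# and broker log lines in an assumed layout.
SAMPLE_PASSWD = """\
# constructed entries
alice:c2VjcmV0
bob:aHVudGVyMg==
svc-orders:cGFzcw==
"""
SAMPLE_LOG = """\
2015-09-01 21:00:01,120 INFO  [main] Created user:alice
2015-09-01 21:00:01,121 INFO  [main] Created user:bob
2015-09-01 21:00:01,130 DEBUG [main] Created user:svc-orders
2015-09-01 21:00:02,000 INFO  [main] Loaded 3 users
2015-09-01 21:00:05,000 INFO  [IoThread] Connection opened from bobcat-host
"""
LEVELS = ("TRACE", "DEBUG", "INFO", "WARN", "ERROR")

def load_usernames(passwd_text):
    """Return the usernames from 'username:secret' lines, skipping comments."""
    names = set()
    for line in passwd_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            names.add(line.split(":", 1)[0])
    return names

def find_username_leaks(log_text, usernames, min_level="INFO"):
    """Return (line_no, level, username) for lines at or above min_level
    that contain a known username as a whole token."""
    if not usernames:
        return []
    # Whole-token match so 'bob' is not flagged inside 'bobcat-host'.
    names = "|".join(re.escape(u) for u in sorted(usernames, key=len, reverse=True))
    name_re = re.compile(r"(?<![\w.-])(" + names + r")(?![\w.-])")
    level_re = re.compile(r"\b(" + "|".join(LEVELS) + r")\b")
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        lvl = level_re.search(line)
        if not lvl or LEVELS.index(lvl.group(1)) < LEVELS.index(min_level):
            continue
        hits.extend((no, lvl.group(1), m.group(1)) for m in name_re.finditer(line))
    return hits

if __name__ == "__main__":
    for hit in find_username_leaks(SAMPLE_LOG, load_usernames(SAMPLE_PASSWD)):
        print("username in log: line %d, %s, %s" % hit)
```

Running the same check with `min_level="DEBUG"` shows which names would still appear if the messages were demoted rather than removed.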

