qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-6724) Stop writing all usernames within an external password data to the log
Date Tue, 01 Sep 2015 21:10:46 GMT

     [ https://issues.apache.org/jira/browse/QPID-6724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Keith Wall updated QPID-6724:
-----------------------------
    Fix Version/s: qpid-java-6.0

> Stop writing all usernames within an external password data to the log
> ----------------------------------------------------------------------
>
>                 Key: QPID-6724
>                 URL: https://issues.apache.org/jira/browse/QPID-6724
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Keith Wall
>            Priority: Minor
>             Fix For: qpid-java-6.0
>
>
> Currently the Java Broker on start-up, if using an PlainPasswordFile or Base64MD5PasswordFile
authentication provider, the names of all users contained within the password database are
logged at INFO to the log.  Even though their passwords are not revealed, this seems dubious:
it could still assist a a malicious person successfully compromise an account.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message