qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lorenz Quack (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-7289) [Java Broker] SASL challenges and response should be masked in the log file
Date Thu, 02 Jun 2016 11:27:59 GMT
Lorenz Quack created QPID-7289:
----------------------------------

             Summary: [Java Broker] SASL challenges and response should be masked in the log
file
                 Key: QPID-7289
                 URL: https://issues.apache.org/jira/browse/QPID-7289
             Project: Qpid
          Issue Type: Bug
          Components: Java Broker
    Affects Versions: qpid-java-6.0.3, qpid-java-6.0, qpid-java-6.1
            Reporter: Lorenz Quack


The broker logs the SAL negotiation at DEBUG level. This includes the challenges and response
going between the client and the broker.
These contain potentially sensitive information (e.g., user credentials) and should therefore
be masked.

On AMQP 0-9 they are masked.
On AMQP 0-10 they are not masked.
I did not test 1.0




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message