activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martyn Taylor (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (AMQ-5729) Audit log shows plaintext password for QueueView.sendTextMessage
Date Fri, 24 Apr 2015 15:25:38 GMT

     [ https://issues.apache.org/jira/browse/AMQ-5729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Martyn Taylor resolved AMQ-5729.
--------------------------------
       Resolution: Fixed
    Fix Version/s: 5.12.0

Fix Commit: a65ac586c203d08b6a68b07eedd7ae28a63b58a6

> Audit log shows plaintext password for QueueView.sendTextMessage
> ----------------------------------------------------------------
>
>                 Key: AMQ-5729
>                 URL: https://issues.apache.org/jira/browse/AMQ-5729
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: JMX
>    Affects Versions: 5.11.1
>            Reporter: Martyn Taylor
>             Fix For: 5.12.0
>
>
> Each AuditLogEntry dumps all arguments for the method call to the Audit log.  Some of
these arguments should not be logged as they may contain senstive information.  For example
QueueView.sendTextMessage contains user password information.
> Example Log Entry:
> anonymous called org.apache.activemq.broker.jmx.QueueView.sendTextMessage[String, admin,
mypassword] at 04-03-2013 11:00:00



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message