camel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lorrin Nelson <>
Subject FTP endpoint is logging my password / proposed patch
Date Wed, 01 Sep 2010 20:21:46 GMT
Hi --

I'm fairly new to Camel, but my impression is that URIs with sensitive data are common and
that URIs are frequently logged. I bumped into this myself most recently with an FTP consumer.
I ended up with log messages like this:

RemoteFileProducer 2010-08-31 16:21:45,459 -- INFO -- Connected and logged in to: Endpoint[s]

I propose a sane-defaults patch of modifying's toString to sanitize the
URI by looking for URI params containing the tokens "password" or "passphrase" and rendering
their value as "*******" instead of the actual value. Obviously this isn't always the right
thing to do in every situation, but it seems appropriate for many endpoints. Any for which
it is not appropriate could override toString.

If folks like this idea I have a patch I'm happy to submit.

View raw message