camel-dev mailing list archives

From "Ales Dolecek (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CAMEL-3980) Exception message contains plaintext password
Date Tue, 17 May 2011 10:17:47 GMT
Exception message contains plaintext password
---------------------------------------------

                 Key: CAMEL-3980
                 URL: https://issues.apache.org/jira/browse/CAMEL-3980
             Project: Camel
          Issue Type: Improvement
          Components: camel-ftp
    Affects Versions: 2.6.0
         Environment: Configured via Spring
            Reporter: Ales Dolecek


The exception thrown by RemoteFilePollingConsumerPollStrategy shows the URI and shows the password
in plaintext. Since we report ERROR and WARN messages from logs to external destinations (SNMP
and mail), the password leaves the system and we are losing control over its spread across
the enterprise. I decided to mark this as a major issue since it is security related. I have found
another issue, #CAMEL-3099, related to cleartext passwords in log files. It is closed, however
- don't know if I should try to reopen it.

Here is sample log (the username and password parameters were altered):

2011-05-16 22:35:07,210 WARN  [FtpConsumer] File operation failed:  Software caused connection abort: socket write error. Code: 250
2011-05-16 22:35:07,210 WARN  [RemoteFilePollingConsumerPollStrategy] Consumer Consumer[ftp://172.23.224.92//usr4/account?binary=true&delay=900000&filter=%23taxFileFilter&idempotentRepository=%23dac1Checker&maxMessagesPerPoll=1&noop=true&password=myPassword&username=myAccount] could not poll endpoint: ftp://172.23.224.92//usr4/account?binary=true&delay=900000&filter=%23taxFileFilter&idempotentRepository=%23dac1Checker&maxMessagesPerPoll=1&noop=true&password=myPassword&username=myAccount caused by: File operation failed:  Software caused connection abort: recv failed. Code: 250
org.apache.camel.component.file.GenericFileOperationFailedException: File operation failed:  Software caused connection abort: recv failed. Code: 250
	at org.apache.camel.component.file.remote.FtpOperations.getCurrentDirectory(FtpOperations.java:548)
	at org.apache.camel.component.file.remote.FtpConsumer.pollDirectory(FtpConsumer.java:43)
	at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:83)
	at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:97)
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)
	at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(Unknown Source)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(Unknown Source)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
	at java.net.SocketInputStream.socketRead0(Native Method)
	at java.net.SocketInputStream.read(Unknown Source)
	at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
	at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
	at sun.nio.cs.StreamDecoder.read(Unknown Source)
	at java.io.InputStreamReader.read(Unknown Source)
	at java.io.BufferedReader.fill(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at org.apache.commons.net.ftp.FTP.__getReply(FTP.java:294)
	at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:490)
	at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:534)
	at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:583)
	at org.apache.commons.net.ftp.FTP.pwd(FTP.java:1270)
	at org.apache.commons.net.ftp.FTPClient.printWorkingDirectory(FTPClient.java:1800)
	at org.apache.camel.component.file.remote.FtpOperations.getCurrentDirectory(FtpOperations.java:546)
	... 12 more

Ales

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
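
The following is an added example, not part of the original message and not Camel's own code: one way to mask credentials in an endpoint URI, or in a log line that embeds one, before the text is forwarded to mail or SNMP. The class name UriLogSanitizer and the list of secret parameter names other than "password" are assumptions.

```java
import java.util.regex.Pattern;

public class UriLogSanitizer {
    // Query keys treated as secrets. "password" comes from the report;
    // "passphrase" and "secret" are assumed additions.
    // The value ends at '&', ';', whitespace or ']' so that a URI embedded in
    // "Consumer[...]" is handled; a secret containing those characters raw
    // (not percent-encoded) would be only partly masked.
    private static final Pattern SECRET_PARAM = Pattern.compile(
            "([?&;](?:password|passphrase|secret)=)[^&;\\s\\]]*",
            Pattern.CASE_INSENSITIVE);

    // The user:password@host form. Greedy up to the last '@' before the
    // first '/', so a raw '@' inside the password is masked too.
    private static final Pattern USERINFO = Pattern.compile(
            "(://[^/?#@:\\s]+:)[^/\\s]*(@)");

    public static String sanitize(String text) {
        if (text == null) {
            return null;
        }
        String out = SECRET_PARAM.matcher(text).replaceAll("$1******");
        return USERINFO.matcher(out).replaceAll("$1******$2");
    }

    public static void main(String[] args) {
        // Constructed sample, shortened from the WARN line in the report.
        String line = "Consumer[ftp://172.23.224.92//usr4/account?binary=true"
                + "&noop=true&password=myPassword&username=myAccount]"
                + " could not poll endpoint: ftp://172.23.224.92//usr4/account"
                + "?binary=true&noop=true&password=myPassword&username=myAccount";
        String clean = sanitize(line);
        System.out.println(clean);
        if (clean.contains("myPassword")) {
            throw new AssertionError("password still present in log line");
        }
        if (!clean.contains("username=myAccount]")) {
            throw new AssertionError("non-secret parameter was altered");
        }
        // Constructed userinfo case with a raw '@' in the password.
        String userinfo = sanitize("ftp://myAccount:my@Password@172.23.224.92/usr4");
        if (!userinfo.equals("ftp://myAccount:******@172.23.224.92/usr4")) {
            throw new AssertionError("userinfo not masked: " + userinfo);
        }
    }
}
```

Masking is most reliable when applied to the URI before it is placed into an exception message or toString() output; applying it at the log appender, as a second layer, covers messages built elsewhere.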
