camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Claus Ibsen (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CAMEL-7670) Apache Camel prints unencrypted password to log files during DEBUG log level.
Date Fri, 08 Aug 2014 05:52:12 GMT

     [ https://issues.apache.org/jira/browse/CAMEL-7670?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Claus Ibsen resolved CAMEL-7670.
--------------------------------

    Resolution: Won't Fix
      Assignee: Claus Ibsen

> Apache Camel prints unencrypted password to log files during DEBUG log level.
> -----------------------------------------------------------------------------
>
>                 Key: CAMEL-7670
>                 URL: https://issues.apache.org/jira/browse/CAMEL-7670
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-core
>    Affects Versions: 2.13.1
>            Reporter: Ishara
>            Assignee: Claus Ibsen
>            Priority: Blocker
>              Labels: security
>
> Bug scenario includes a route which has a password set to it.
> In addition to other values set to route, password is set in plain text.
> And when the schedules are started, camel log printes the password to log during DEBUG
level.
> During INFO level this does not happen.But what we need is DEBUG level to show the password,
but with masking facility.
> Below is how password is shown in 2 places in the log when camel is running.
> 2014-08-07 17:50:54 DEBUG [tid=colkvm15-140807174358079-1768700077-19-28] [FileTransferAgent]
org.apache.camel.util.IntrospectionSupport - Configured property: password on bean: /data/Test1
with value: myPassword123
> org.apache.camel:context=camel-1-1,type=endpoints,name="sftp://ih40329@testhost.com//data/Test1\?antInclude=\*.txt&autoCreate=false&idempotent=true&idempotentKey=%24%7Bfile%3Asize%7D%2C%24%7Bfile%3Amodified%7D%2CTest1%2C%24%7Bfile%3Aname%7D&idempotentRepository=%23fileTransferRepo&localWorkDirectory=%2Fdata%2FTest2%2F.inprogress&move=transferred&password=\myPassword123&scheduledExecutorService=%23ftsThreadPool&scheduler=spring&scheduler.cron=0%2F30+\*+\*+\*+\*+%3F&sendEmptyMessageWhenIdle=true&startingDirectoryMustExist=true
> I am using Log4j for logging configurations in my application. My camel version is 2.13.1

> Is there any way to avoid this?



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message