camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Claus Ibsen (JIRA)" <>
Subject [jira] [Resolved] (CAMEL-7670) Apache Camel prints unencrypted password to log files during DEBUG log level.
Date Fri, 08 Aug 2014 05:52:12 GMT


Claus Ibsen resolved CAMEL-7670.

    Resolution: Won't Fix
      Assignee: Claus Ibsen

> Apache Camel prints unencrypted password to log files during DEBUG log level.
> -----------------------------------------------------------------------------
>                 Key: CAMEL-7670
>                 URL:
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-core
>    Affects Versions: 2.13.1
>            Reporter: Ishara
>            Assignee: Claus Ibsen
>            Priority: Blocker
>              Labels: security
> Bug scenario includes a route which has a password set to it.
> In addition to other values set to route, password is set in plain text.
> And when the schedules are started, camel log printes the password to log during DEBUG
> During INFO level this does not happen.But what we need is DEBUG level to show the password,
but with masking facility.
> Below is how password is shown in 2 places in the log when camel is running.
> 2014-08-07 17:50:54 DEBUG [tid=colkvm15-140807174358079-1768700077-19-28] [FileTransferAgent]
org.apache.camel.util.IntrospectionSupport - Configured property: password on bean: /data/Test1
with value: myPassword123
> org.apache.camel:context=camel-1-1,type=endpoints,name="s\?antInclude=\*.txt&autoCreate=false&idempotent=true&idempotentKey=%24%7Bfile%3Asize%7D%2C%24%7Bfile%3Amodified%7D%2CTest1%2C%24%7Bfile%3Aname%7D&idempotentRepository=%23fileTransferRepo&localWorkDirectory=%2Fdata%2FTest2%2F.inprogress&move=transferred&password=\myPassword123&scheduledExecutorService=%23ftsThreadPool&scheduler=spring&scheduler.cron=0%2F30+\*+\*+\*+\*+%3F&sendEmptyMessageWhenIdle=true&startingDirectoryMustExist=true
> I am using Log4j for logging configurations in my application. My camel version is 2.13.1

> Is there any way to avoid this?

This message was sent by Atlassian JIRA

View raw message