continuum-issues mailing list archives

From "Wendy Smoak (JIRA)" <j...@codehaus.org>
Subject [jira] Commented: (CONTINUUM-1914) Passwords are exposed in continuum.log
Date Thu, 02 Oct 2008 00:28:08 GMT

    [ http://jira.codehaus.org/browse/CONTINUUM-1914?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=149582#action_149582 ]

Wendy Smoak commented on CONTINUUM-1914:
----------------------------------------

Work on the CONTINUUM-1721 branch seems headed towards changing method signatures so we pass
around the url separately from the userid and password.

I haven't looked to see where this is coming from exactly, but if that happens, we can probably
log the url without the credentials.

Meanwhile, we need to change or comment out this log statement.

> Passwords are exposed in continuum.log
> --------------------------------------
>
>                 Key: CONTINUUM-1914
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-1914
>             Project: Continuum
>          Issue Type: Bug
>    Affects Versions: 1.3
>         Environment: Continuum 1.3-SNAPSHOT r700970
> Mac OS X
>            Reporter: Wendy Smoak
>            Priority: Critical
>
> When adding a m2 project using a url to the pom file, I see this in the log:
> 2008-10-01 16:58:03,541 [addMavenTwoProjectBackgroundThread] INFO  continuumProjectBuilder#maven-two-builder - Downloading https://wsmoak:PASSWORD@example.com/svn/wsmoak/hello/trunk/pom.xml
> (where PASSWORD was my *actual* password.)
> Passwords should be masked in the log files.  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
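
One way to mask the credentials before a "Downloading" line like the one in the report is written, as an added example that is not Continuum's code and not part of the original message. The class and method names are hypothetical, and every sample URL except the one quoted in the report is constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper (assumption, not a Continuum class): sanitizes a URL for logging.
public class UrlLogSanitizer {

    // scheme:// followed by everything up to the LAST '@' that occurs before the
    // first '/', '?' or '#'. Matching on the raw string instead of java.net.URI
    // means a malformed URL can never fall through to the log unmasked because
    // a parser threw an exception.
    private static final Pattern USERINFO =
            Pattern.compile("^([A-Za-z][A-Za-z0-9+.-]*://)([^/?#]*)@");

    private static final String MASK = "*****";

    static String maskCredentials(String url) {
        if (url == null) {
            return null;
        }
        Matcher m = USERINFO.matcher(url);
        if (!m.find()) {
            return url; // no userinfo component, nothing to hide
        }
        String userInfo = m.group(2);
        int colon = userInfo.indexOf(':');
        // user:password -> keep the user name, mask the password.
        // A lone value may be an access token, so mask it completely.
        String safe = colon >= 0 ? userInfo.substring(0, colon) + ":" + MASK : MASK;
        return m.group(1) + safe + "@" + url.substring(m.end());
    }

    public static void main(String[] args) {
        String[] samples = {
            // URL shape quoted in the report
            "https://wsmoak:PASSWORD@example.com/svn/wsmoak/hello/trunk/pom.xml",
            // constructed: no credentials, '@' only in the query string
            "https://example.com/svn/pom.xml?notify=dev@example.com",
            // constructed: unencoded '@' inside the password
            "https://wsmoak:p@ss@example.com/svn/pom.xml",
            // constructed: single token in place of user:password
            "https://TOKEN@example.com/svn/pom.xml"
        };
        for (String s : samples) {
            System.out.println("Downloading " + maskCredentials(s));
        }
    }
}
```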
