Return-Path: Delivered-To: apmail-continuum-issues-archive@www.apache.org Received: (qmail 98064 invoked from network); 2 Oct 2008 00:28:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 2 Oct 2008 00:28:37 -0000 Received: (qmail 92215 invoked by uid 500); 2 Oct 2008 00:28:36 -0000 Delivered-To: apmail-continuum-issues-archive@continuum.apache.org Received: (qmail 92183 invoked by uid 500); 2 Oct 2008 00:28:35 -0000 Mailing-List: contact issues-help@continuum.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@continuum.apache.org Delivered-To: mailing list issues@continuum.apache.org Received: (qmail 92171 invoked by uid 99); 2 Oct 2008 00:28:35 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Oct 2008 17:28:35 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [63.246.2.115] (HELO codehaus01.managed.contegix.com) (63.246.2.115) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 Oct 2008 00:27:34 +0000 Received: from codehaus01.managed.contegix.com (localhost.localdomain [127.0.0.1]) by codehaus01.managed.contegix.com (Postfix) with ESMTP id 2C0AD14A8011 for ; Wed, 1 Oct 2008 19:28:09 -0500 (CDT) Message-ID: <33070566.1222907288875.JavaMail.haus-jira@codehaus01.managed.contegix.com> Date: Wed, 1 Oct 2008 19:28:08 -0500 (CDT) From: "Wendy Smoak (JIRA)" To: issues@continuum.apache.org Subject: [jira] Commented: (CONTINUUM-1914) Passwords are exposed in continuum.log In-Reply-To: <8230321.1222905788707.JavaMail.haus-jira@codehaus01.managed.contegix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ http://jira.codehaus.org/browse/CONTINUUM-1914?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=149582#action_149582 ] Wendy Smoak commented on CONTINUUM-1914: ---------------------------------------- Work on the CONTINUUM-1721 branch seems headed towards changing method signatures so we pass around the url separately from the userid and password. I haven't looked to see where this is coming from exactly, but if that happens, we can probably log the url without the credentials. Meanwhile, we need to change or comment out this log statement. > Passwords are exposed in continuum.log > -------------------------------------- > > Key: CONTINUUM-1914 > URL: http://jira.codehaus.org/browse/CONTINUUM-1914 > Project: Continuum > Issue Type: Bug > Affects Versions: 1.3 > Environment: Continuum 1.3-SNAPSHOT r700970 > Mac OS X > Reporter: Wendy Smoak > Priority: Critical > > When adding a m2 project using a url to the pom file, I see this in the log: > 2008-10-01 16:58:03,541 [addMavenTwoProjectBackgroundThread] INFO continuumProjectBuilder#maven-two-builder - Downloading https://wsmoak:PASSWORD@example.com/svn/wsmoak/hello/trunk/pom.xml > (where PASSWORD was my *actual* password.) > Passwords should be masked in the log files. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira