continuum-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wendy Smoak (JIRA)" <>
Subject [jira] Created: (CONTINUUM-2240) Passwords are exposed in request log
Date Fri, 22 May 2009 14:56:42 GMT
Passwords are exposed in request log

                 Key: CONTINUUM-2240
             Project: Continuum
          Issue Type: Bug
    Affects Versions: 1.3.3
         Environment: 1.3.3-SNAPSHOT r777534
            Reporter: Wendy Smoak

Subversion passwords are exposed in plain text in the request log when adding a project, for

2009_05_22.request.log:0:0:0:0:0:0:0:1%0 -  -  [22/May/2009:14:45:32 +0000] "GET /continuum/addMavenTwoProject.action?scmUsername=wsmoak&__checkbox_scmUseCache=true&__checkbox_nonRecursiveProject=true&buildDefinitionTemplateId=-1&
HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv: Gecko/2009042315

I assume this is a Jetty log file that we can't do anything about.  If so, we need to document
how to turn off this logging, or perhaps leave it off by default and document how to turn
it on if needed.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message