Return-Path: Delivered-To: apmail-continuum-issues-archive@www.apache.org Received: (qmail 45111 invoked from network); 26 Jul 2009 01:01:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 26 Jul 2009 01:01:16 -0000 Received: (qmail 99253 invoked by uid 500); 26 Jul 2009 01:02:21 -0000 Delivered-To: apmail-continuum-issues-archive@continuum.apache.org Received: (qmail 99203 invoked by uid 500); 26 Jul 2009 01:02:21 -0000 Mailing-List: contact issues-help@continuum.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@continuum.apache.org Delivered-To: mailing list issues@continuum.apache.org Received: (qmail 99192 invoked by uid 99); 26 Jul 2009 01:02:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 26 Jul 2009 01:02:21 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [63.246.2.115] (HELO codehaus01.managed.contegix.com) (63.246.2.115) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 26 Jul 2009 01:02:11 +0000 Received: from codehaus01.managed.contegix.com (localhost.localdomain [127.0.0.1]) by codehaus01.managed.contegix.com (Postfix) with ESMTP id 00F0714A81B6 for ; Sat, 25 Jul 2009 20:01:50 -0500 (CDT) Message-ID: <13106549.115241248570110930.JavaMail.haus-jira@codehaus01.managed.contegix.com> Date: Sat, 25 Jul 2009 20:01:50 -0500 (CDT) From: "Brett Porter (JIRA)" To: issues@continuum.apache.org Subject: [jira] Commented: (CONTINUUM-2314) Password is printed in logs in clear text when adding a project fails In-Reply-To: <10251042.114551248547070970.JavaMail.haus-jira@codehaus01.managed.contegix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 4e90ceb663894a42f12c0e28abbab431 X-Virus-Checked: Checked by ClamAV on apache.org [ http://jira.codehaus.org/browse/CONTINUUM-2314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=184886#action_184886 ] Brett Porter commented on CONTINUUM-2314: ----------------------------------------- so it is only shown if it is wrong? > Password is printed in logs in clear text when adding a project fails > --------------------------------------------------------------------- > > Key: CONTINUUM-2314 > URL: http://jira.codehaus.org/browse/CONTINUUM-2314 > Project: Continuum > Issue Type: Bug > Components: Security > Affects Versions: 1.3.3 > Reporter: Carlos Sanchez > Priority: Blocker > Fix For: 1.3.4 > > > I got this in the continuum log, I've changed the parameters to hide the info, but where I say PASSWORDINCLEARTEXT it had my password there > Actually it had a bad password with a typo (that's why I got unauthorized) but it was close enough to the real one > 2009-07-24 16:03:54,137 [addMavenTwoProjectBackgroundThread] INFO org.apache.maven.continuum.project.builder.maven.MavenTwoContinuumProjectBuilder - Downloading https://myusername:*****@svn.company.com/repos/pom.xml > 2009-07-24 16:03:55,392 [addMavenTwoProjectBackgroundThread] ERROR org.apache.maven.continuum.project.builder.maven.MavenTwoContinuumProjectBuilder - Error > adding project: Unauthorized https://myusername:PASSWORDINCLEARTEXT@svn.company.com/repos/pom.xml -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira