From: "Maria Catherine Tan (JIRA)"
To: issues@continuum.apache.org
Date: Tue, 11 Aug 2009 21:28:59 -0500 (CDT)
Subject: [jira] Reopened: (CONTINUUM-2240) Passwords are exposed in request log

     [ http://jira.codehaus.org/browse/CONTINUUM-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maria Catherine Tan reopened CONTINUUM-2240:
--------------------------------------------

> Passwords are exposed in request log
> ------------------------------------
>
>                 Key: CONTINUUM-2240
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2240
>             Project: Continuum
>          Issue Type: Bug
>    Affects Versions: 1.3.3
>         Environment: 1.3.3-SNAPSHOT r777534
>            Reporter: Wendy Smoak
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>
> Subversion passwords are exposed in plain text in the request log when adding a project, for example:
> 2009_05_22.request.log:0:0:0:0:0:0:0:1%0 - - [22/May/2009:14:45:32 +0000] "GET /continuum/addMavenTwoProject.action?scmUsername=wsmoak&__checkbox_scmUseCache=true&__checkbox_nonRecursiveProject=true&buildDefinitionTemplateId=-1&m2PomUrl=http%3A%2F%2Fsvn.apache.org%2Frepos%2Fasf%2Fcontinuum%2Fsandbox%2Fsimple-example%2Fpom.xml&scmPassword=mypassw0rd&selectedProjectGroup=-1 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10"
> I assume this is a Jetty log file that we can't do anything about. If so, we need to document how to turn off this logging, or perhaps leave it off by default and document how to turn it on if needed.
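The password in the report reaches the log because the form fields travel in the GET query string, which the request log records as received. As an added example (not part of the original message and not Continuum code), the Python sketch below audits NCSA-style request log lines for query parameters whose names look like credentials and masks their values. The name pattern, the helper names and the `/continuum/example.action` path are assumptions; the first sample line is shortened from the one quoted in the report.

```python
import re
from urllib.parse import unquote

# Assumption: which parameter names count as secrets. Only scmPassword
# comes from the report; the other patterns are illustrative.
SENSITIVE = re.compile(r"passw|pwd|secret|token", re.IGNORECASE)
# Request field of an NCSA-style log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
MASK = "[REDACTED]"

def redact_line(line):
    """Return (line with secret values masked, names of the masked parameters)."""
    m = REQUEST.search(line)
    if m is None or "?" not in m.group("target"):
        return line, []
    path, _, query = m.group("target").partition("?")
    found, pairs = [], []
    for pair in query.split("&"):
        name, eq, value = pair.partition("=")
        # Names may be percent-encoded in the log, so decode before matching.
        if eq and value and SENSITIVE.search(unquote(name)):
            found.append(unquote(name))
            pair = name + "=" + MASK
        pairs.append(pair)
    if not found:
        return line, []
    target = path + "?" + "&".join(pairs)
    return line[:m.start("target")] + target + line[m.end("target"):], found

def audit(lines):
    """Return (line number, parameter names) for each line that exposed a secret."""
    hits = []
    for number, line in enumerate(lines, start=1):
        _, names = redact_line(line)
        if names:
            hits.append((number, names))
    return hits

# Sample lines: the first is shortened from the line quoted in the report,
# the other two are constructed for this example.
SAMPLE = [
    '0:0:0:0:0:0:0:1%0 - - [22/May/2009:14:45:32 +0000] "GET /continuum/addMavenTwoProject.action'
    '?scmUsername=wsmoak&scmPassword=mypassw0rd&selectedProjectGroup=-1 HTTP/1.1" 302 0',
    '0:0:0:0:0:0:0:1%0 - - [22/May/2009:14:46:02 +0000] "POST /continuum/addMavenTwoProject.action HTTP/1.1" 302 0',
    '0:0:0:0:0:0:0:1%0 - - [22/May/2009:14:46:10 +0000] "GET /continuum/example.action?id=1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(redact_line(entry)[0])
    print(audit(SAMPLE))
```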