cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Anderson (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-6262) LoggingInterceptor logs password when using UsernameToken with plaintext password
Date Wed, 18 Feb 2015 20:41:11 GMT
Mark Anderson created CXF-6262:
----------------------------------

             Summary: LoggingInterceptor logs password when using UsernameToken with plaintext
password
                 Key: CXF-6262
                 URL: https://issues.apache.org/jira/browse/CXF-6262
             Project: CXF
          Issue Type: Bug
    Affects Versions: 2.7.14
            Reporter: Mark Anderson


The LoggingInterceptor will log the password when UsernameToken with plaintext password is
used.

Could the password text be masked (even optionally) in the logging output as this could be
viewed as a security issue in some environments. For example https is used to protect the
password on the wire but it could then be intercepted by changing logging levels.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message