cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Qi Lu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-6824) Logs output User Password In Plain Text at INFO level
Date Tue, 08 Mar 2016 15:40:41 GMT
Qi Lu created CXF-6824:
--------------------------

             Summary: Logs output User Password In Plain Text at INFO level
                 Key: CXF-6824
                 URL: https://issues.apache.org/jira/browse/CXF-6824
             Project: CXF
          Issue Type: Bug
          Components: logging
    Affects Versions: 2.7.16
         Environment: Windows server, Java 8 and Apache CXF 2.7.16.
            Reporter: Qi Lu


In a http soap webservice call, the user password was output in plain text in the log at INFO
level. This leads to security concerns of the application building on top it. User password
is very sensitive information, it should not be at the INFO log level.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message