cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6824) Logs output User Password In Plain Text at INFO level
Date Tue, 08 Mar 2016 15:53:40 GMT

    [ https://issues.apache.org/jira/browse/CXF-6824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15185123#comment-15185123
] 

Colm O hEigeartaigh commented on CXF-6824:
------------------------------------------

Where is it being logged? 

> Logs output User Password In Plain Text at INFO level
> -----------------------------------------------------
>
>                 Key: CXF-6824
>                 URL: https://issues.apache.org/jira/browse/CXF-6824
>             Project: CXF
>          Issue Type: Bug
>          Components: logging
>    Affects Versions: 2.7.16
>         Environment: Windows server, Java 8 and Apache CXF 2.7.16.
>            Reporter: Qi Lu
>
> In a http soap webservice call, the user password was output in plain text in the log
at INFO level. This leads to security concerns of the application building on top it. User
password is very sensitive information, it should not be at the INFO log level.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message