directory-dev mailing list archives

From "Albert van 't Hart (JIRA)" <>
Subject [jira] [Created] (DIRSERVER-2220) ApacheDS should not log credentials
Date Thu, 18 Jan 2018 07:37:00 GMT
Albert van 't Hart created DIRSERVER-2220:

             Summary: ApacheDS should not log credentials
                 Key: DIRSERVER-2220
             Project: Directory ApacheDS
          Issue Type: Bug
            Reporter: Albert van 't Hart

It is a bad practice to log credentials (e.g. LDAP bind request). There are several places
where bindContext is logged. See class *AuthenticatorInterceptor*:
{code:java}"Authenticator {} failed to authenticate: {}", authenticator, bindContext);{code}
{code:java}"Unexpected failure for Authenticator {} : {}", authenticator, bindContext);{code}
This will result in:

failed to authenticate: BindContext for Dn ',ou=vanadenovation', credentials
<0x6D 0x79 0x76 0x65 0x72 0x79 0x73 0x65 0x63 0x72 0x65 0x74 0x70 0x61 0x73 0x73 0x77 0x6F
0x72 0x64> 
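Added example, not ApacheDS's own code: a minimal stand-in for the bind context that shows a toString() which dumps the credential bytes (reproducing the shape of the log line above) beside one that redacts them, so that an `{}` placeholder in a log statement can never emit the secret. The BindContext class, the DN and the password value are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

public class BindContextLogging {

    /** Hypothetical stand-in for a bind context; not the ApacheDS class. */
    static final class BindContext {
        private final String dn;
        private final byte[] credentials;

        BindContext(String dn, byte[] credentials) {
            this.dn = dn;
            this.credentials = credentials;
        }

        /** Vulnerable pattern: renders every credential byte, as seen in the report. */
        String toLeakyString() {
            StringBuilder sb = new StringBuilder("BindContext for Dn '")
                .append(dn).append("', credentials <");
            for (int i = 0; i < credentials.length; i++) {
                if (i > 0) sb.append(' ');
                sb.append(String.format("0x%02X", credentials[i]));
            }
            return sb.append('>').toString();
        }

        /** Hardened: only the presence and length of the credential are reported. */
        @Override
        public String toString() {
            String cred = (credentials == null || credentials.length == 0)
                ? "<none>"
                : "<redacted, " + credentials.length + " bytes>";
            return "BindContext for Dn '" + dn + "', credentials " + cred;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; not taken from any real directory.
        BindContext ctx = new BindContext("uid=alice,ou=people,dc=example,dc=com",
            "example-password".getBytes(StandardCharsets.UTF_8));
        // A logger call such as LOG.warn("... {}", ctx) uses toString(), so the
        // redacting form is what reaches the log file.
        System.out.println("leaky:    " + ctx.toLeakyString());
        System.out.println("redacted: " + ctx);
    }
}
```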
