geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (GEODE-503) Geode can leak SSL keystore password via the log file
Date Thu, 10 Dec 2015 22:19:11 GMT


ASF subversion and git services commented on GEODE-503:

Commit 11c62f232014d4c93cf3c625b31b1a3139613818 in incubator-geode's branch refs/heads/develop
from Vince Ford
[;h=11c62f2 ]

GEODE-503: Addresses config passwords written to logs

Prevents configuration passwords from being written to log files
for keystores used by SSL or any config parameter with the
keyword password in its name.

Adds unit test to validate AbstractConfigJUnitTest

> Geode can leak SSL keystore password via the log file
> -----------------------------------------------------
>                 Key: GEODE-503
>                 URL:
>             Project: Geode
>          Issue Type: Bug
>          Components: core
>            Reporter: Vincent Ford
>            Assignee: Vincent Ford
>         Attachments:
> KeyStore password can be leaked via the log file, as this may get printed and is unintended.
This could cause a security issue for some users by leaking information that could allow access
to the keystore holding the SSL certificate used to validate connections between members.

This message was sent by Atlassian JIRA

View raw message