geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anthony Baker (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (GEODE-503) Geode can leak SSL keystore password via the log file
Date Fri, 08 Jan 2016 01:34:40 GMT

     [ https://issues.apache.org/jira/browse/GEODE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Anthony Baker updated GEODE-503:
--------------------------------
    Fix Version/s:     (was: 1.0.0-incubating)
                   1.0.0-alpha1

> Geode can leak SSL keystore password via the log file
> -----------------------------------------------------
>
>                 Key: GEODE-503
>                 URL: https://issues.apache.org/jira/browse/GEODE-503
>             Project: Geode
>          Issue Type: Bug
>          Components: core
>            Reporter: Vincent Ford
>            Assignee: Vincent Ford
>             Fix For: 1.0.0-alpha1
>
>         Attachments: AbstractConfigJUnitTest.java
>
>
> KeyStore password can be leaked via the log file, as this may get printed and is unintended.
This could cause a security issue for some users by leaking information that could allow access
to the keystore holding the SSL certificate used to validate connections between members.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message