karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiram Chirino (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-3590) Don't log Passwords in clear text
Date Thu, 05 Mar 2015 13:43:38 GMT

    [ https://issues.apache.org/jira/browse/KARAF-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14348745#comment-14348745
] 

Hiram Chirino commented on KARAF-3590:
--------------------------------------

Created a pull request with initial impl at:
https://github.com/apache/karaf/pull/56

It uses pluggable regex filters to scrub out passwords before logging them.  Don't have regexes
implemented for ALL commands that hold passwords yet.

> Don't log Passwords in clear text
> ---------------------------------
>
>                 Key: KARAF-3590
>                 URL: https://issues.apache.org/jira/browse/KARAF-3590
>             Project: Karaf
>          Issue Type: Improvement
>            Reporter: Hiram Chirino
>            Assignee: Hiram Chirino
>             Fix For: 4.0.0
>
>
> If you enabled debug logging, shell commands get log.  Including any password arguments.
 This can be considered a bad thing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message