mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Niklas Gustavsson (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (FTPSERVER-120) FtpServer should not log passwords in clear text.
Date Fri, 04 Apr 2008 11:49:24 GMT

     [ https://issues.apache.org/jira/browse/FTPSERVER-120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Niklas Gustavsson reassigned FTPSERVER-120:
-------------------------------------------

    Assignee: Niklas Gustavsson

> FtpServer should not log passwords in clear text.
> -------------------------------------------------
>
>                 Key: FTPSERVER-120
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-120
>             Project: FtpServer
>          Issue Type: Bug
>            Reporter: Daniel Abramovich
>            Assignee: Niklas Gustavsson
>            Priority: Minor
>
> Those log statements are logged by the MINA logging filter and there's
> not much we can do about that one (expect for not including in the
> default setup). We could roll our own logging filter that takes out
> the password. Please file a JIRA ticket and I'll take care of it.
> /niklas
> > Hi,
> >
> >
> >
> >  I'd like to make a suggestion that passwords not be logged in clear
> >  text. For example:
> >
> >
> >
> >  Thu Mar 27 2008 00:06:08,762 EDT INFO
> >  org.apache.ftpserver.listener.mina.MinaFtpProtocolHandler -
> >  [/10.6.20.226:63995] RECEIVED: PASS admin
> >
> >
> >
> >  We find the protocol logging to be useful, but logging of passwords will
> >  make security folks unhappy. Perhaps, it could just log ******* or
> >  somesuch?
> >

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message