Hi,
I agree with you, but:
1- Even if I trust the administrator of this production environment, I'm not
beyond making a mistake: the administrator may be dishonest and then can
get the logins and passwords and reuse them (the action he does would then
appear as a normal one).
2- In no system can the administrator see the password of a user. He can
only reset it (such an action produces a log).
3- I think the JAAS realm is the only one which produces such logs. So
if it is normal, why wouldn't the other realms (JDBC, JNDI...) do the same?
Yann
>From: Tim Funk <funkman@joedog.org>
>Reply-To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
>To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
>Subject: Re: JAASCallbackHandler clear password in the log file
>Date: Mon, 24 Nov 2003 08:51:07 -0500
>
>IMO, no. In a production environment:
>1) The debug should not be turned up that high
>2) If it's a production box, file permissions as well as people able to log
>into the box should be trusted.
>
>
>-Tim
>
>Yann GUEVEL wrote:
>
>>Hi,
>>
>>if the debug level is > 3, the
>>org.apache.catalina.realm.JAASCallbackHandler.handle method writes in the
>>log file the login and password it received (tomcat 4.1.29
>>JAASCallbackHandler.java, line 155). So any people who can access the
>>machine on which Tomcat is running can see all the logins and passwords
>>used. Isn't this unsafe? Shouldn't this log be removed?
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>