From: "Michael Dick (JIRA)"
To: dev@openjpa.apache.org
Date: Thu, 10 Jun 2010 12:01:19 -0400 (EDT)
Subject: [jira] Updated: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

[ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick updated OPENJPA-1678:
----------------------------------

    Attachment:     (was: OPENJPA-1678-openjpa.Log.1.2.x.patch.txt)

> SQL Parameter values may contain sensitive information and should not be logged by default.
> -------------------------------------------------------------------------------------------
>
>                 Key: OPENJPA-1678
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1678
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 1.0.3, 1.1.0, 1.2.2, 2.0.0, 2.1.0
>            Reporter: Michael Dick
>            Assignee: Michael Dick
>             Fix For: 1.0.4, 1.2.3, 2.0.1, 2.1.0
>
>
> The values for parameters used in our SQL statements may contain sensitive information (e.g. social security numbers). By default these values are printed in the exception message and in SQL trace. Having the values printed can be a great help when debugging an application - but presents a risk when used in production.
> To resolve the issue I propose to disable printing the parameter values by default. The parameter values will still be tracked internally - but will not be displayed in exception messages or trace unless the following property is set:
>

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
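
Added example, not part of the original message and not OpenJPA's code: a minimal Java sketch of the behaviour proposed in the issue, where bound values stay tracked internally but trace and exception text show only placeholders unless a switch is enabled. The class ParamSafeTrace, its printParameters flag and the sample values are hypothetical.

```java
import java.util.Map;
import java.util.TreeMap;

/** Hypothetical sketch: bound values are tracked but hidden unless opted in. */
public class ParamSafeTrace {
    // Hypothetical switch standing in for the property the issue mentions; off by default.
    private final boolean printParameters;
    private final String sql;
    private final Map<Integer, Object> params = new TreeMap<>();

    public ParamSafeTrace(String sql, boolean printParameters) {
        this.sql = sql;
        this.printParameters = printParameters;
    }

    /** Record a bound value (1-based index, as in JDBC); always kept internally. */
    public void setParameter(int index, Object value) {
        params.put(index, value);
    }

    /** Text shared by SQL trace lines and exception messages. */
    public String describe() {
        StringBuilder sb = new StringBuilder(sql).append(" [params=");
        String sep = "";
        for (Object v : params.values()) {
            sb.append(sep);
            if (printParameters) {
                String type = (v == null) ? "null" : v.getClass().getSimpleName();
                sb.append('(').append(type).append(") ").append(v);
            } else {
                sb.append('?'); // placeholder only: no value, type or length leaks
            }
            sep = ", ";
        }
        return sb.append(']').toString();
    }

    public static void main(String[] args) {
        String sql = "SELECT t.id FROM Person t WHERE t.ssn = ? AND t.lastName = ?";
        for (boolean flag : new boolean[] {false, true}) {
            ParamSafeTrace t = new ParamSafeTrace(sql, flag);
            t.setParameter(1, "000-00-0000"); // constructed sample value
            t.setParameter(2, "Example");     // constructed sample value
            // Same failure rendered twice: default (redacted), then opt-in (full).
            System.out.println("Statement failed: " + t.describe());
        }
    }
}
```

Only bound parameters are covered by this approach; a value concatenated into the SQL text as a literal would still appear in the logged statement.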