You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Sujitha Chinnathambi (JIRA)" <ji...@apache.org> on 2017/02/01 13:30:51 UTC
[jira] [Created] (HTTPCLIENT-1811) Security : Authorization header
should not be printed in debug log
Sujitha Chinnathambi created HTTPCLIENT-1811:
------------------------------------------------
Summary: Security : Authorization header should not be printed in debug log
Key: HTTPCLIENT-1811
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1811
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient (async)
Reporter: Sujitha Chinnathambi
Attachments: httpclient.patch
Current behaviour : When https call is made with basic authentication with debug mode, authorization information which is transfered part of 'Authorization' header is getting printed in log in below artifact
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.3.6</version>
Example :
org.apache.http.wire - [] >> "Authorization: Basic VEVTVCBLSCAwMS9TQ0hVTFVORzpzY2h1bHVuZw==[\r][\n]"
org.apache.http.headers - [] >> Authorization: Basic VEVTVCBLSCAwMS9TQ0hVTFVORzpzY2h1bHVuZw==
Expected behaiour:
Though log level is debug, authorization information should not be printed in log.
Attached httpclient.patch as proposal.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org