Posted to issues@geode.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2015/12/10 23:19:11 UTC

[jira] [Commented] (GEODE-503) Geode can leak SSL keystore password via the log file

    [ https://issues.apache.org/jira/browse/GEODE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15051751#comment-15051751 ] 

ASF subversion and git services commented on GEODE-503:
-------------------------------------------------------

Commit 11c62f232014d4c93cf3c625b31b1a3139613818 in incubator-geode's branch refs/heads/develop from Vince Ford
[ https://git-wip-us.apache.org/repos/asf?p=incubator-geode.git;h=11c62f2 ]

GEODE-503: Addresses config passwords written to logs

Prevents configuration passwords from being written to log files
for keystores used by SSL or any config parameter with the
keyword password in its name.

Adds unit test to validate AbstractConfigJUnitTest


> Geode can leak SSL keystore password via the log file
> -----------------------------------------------------
>
>                 Key: GEODE-503
>                 URL: https://issues.apache.org/jira/browse/GEODE-503
>             Project: Geode
>          Issue Type: Bug
>          Components: core
>            Reporter: Vincent Ford
>            Assignee: Vincent Ford
>         Attachments: AbstractConfigJUnitTest.java
>
>
> KeyStore password can be leaked via the log file, as this may get printed and is unintended. This could cause a security issue for some users by leaking information that could allow access to the keystore holding the SSL certificate used to validate connections between members. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
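
The approach the commit message describes (keeping the value of any config parameter with "password" in its name out of the log) can be sketched as follows. This is an added example, not code from the Geode commit; the class and method names and the sample property values are hypothetical.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;

// Added illustration, not Geode's code. Class and method names are hypothetical.
public class RedactedConfigDump {
    // Fixed-length mask, so the log does not reveal the length of the secret.
    private static final String MASK = "********";

    // True when the parameter name contains the keyword "password", in any case.
    static boolean isSensitive(String name) {
        return name.toLowerCase(Locale.ROOT).contains("password");
    }

    // Builds the text handed to the logger: parameter names are kept so the
    // configuration can still be audited, sensitive values are masked.
    static String toLogString(Properties props) {
        Map<String, String> sorted = new TreeMap<>();
        for (String name : props.stringPropertyNames()) {
            String value = props.getProperty(name);
            sorted.put(name, isSensitive(name) ? MASK : value);
        }
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : sorted.entrySet()) {
            sb.append(e.getKey()).append('=').append(e.getValue())
              .append(System.lineSeparator());
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample configuration; every value here is made up.
        Properties props = new Properties();
        props.setProperty("javax.net.ssl.keyStore", "/opt/app/keystore.jks");
        props.setProperty("javax.net.ssl.keyStorePassword", "s3cret-constructed");
        props.setProperty("javax.net.ssl.trustStorePassword", "also-constructed");
        props.setProperty("example-keystore-PASSWORD", "constructed"); // hypothetical name
        props.setProperty("log-level", "config");

        String out = toLogString(props);
        System.out.print(out);
        // Regression check in the spirit of the unit test the commit mentions.
        if (out.contains("constructed")) {
            throw new AssertionError("secret reached the log text");
        }
    }
}
```

Masking by name only covers values that pass through this one rendering path; a secret logged elsewhere, for example in an exception message, is not caught by it.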