Posted to notifications@ctakes.apache.org by "Sean Finan (JIRA)" <ji...@apache.org> on 2017/09/26 20:37:02 UTC

[jira] [Commented] (CTAKES-455) Password shown in clear in logs

    [ https://issues.apache.org/jira/browse/CTAKES-455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181530#comment-16181530 ] 

Sean Finan commented on CTAKES-455:
-----------------------------------

Hi Alex,
The attached diff does not apply to the logged bug. It only removes the display of whichever reminder constant was used: "CHANGEME" or "CHANGE_ME". It does not change the display of invalid passwords as applies to the bug report.

> Password shown in clear in logs
> -------------------------------
>
>                 Key: CTAKES-455
>                 URL: https://issues.apache.org/jira/browse/CTAKES-455
>             Project: cTAKES
>          Issue Type: Bug
>            Reporter: Alex Zbarcea
>         Attachments: no-password-in-logs.CTAKES-455.svn.patch
>
>
> When authentication to UMLS fails, the error shows the passwords used.
> {code}
> $ ./bin/runctakesCVD.sh -desc desc/ctakes-clinical-pipeline/desc/analysis_engine/AggregatePlaintextFastUMLSProcessor.xml
> (...)
> 03 Sep 2017 10:35:49 ERROR UmlsUserApprover -   UMLS Account at https://uts-ws.nlm.nih.gov/restful/isValidUMLSUser is not valid for user ###### with ######
> {code}
> Not logging passwords is a security policy enforced in almost all production systems (more [here|https://security.stackexchange.com/questions/52047/should-i-log-wrong-passwords]).



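For log files that already contain the line quoted in the issue, the following added example (not part of the original message and not cTAKES code) scrubs the credential from `UmlsUserApprover` error lines. It cleans existing logs only and does not change what cTAKES writes. The function names are hypothetical, the sample lines are constructed, and it assumes the user name contains no whitespace while the password may contain anything up to the end of the line.

```python
import re

# Shape of the line quoted in the issue:
#   "... ERROR UmlsUserApprover -   UMLS Account at <url>
#        is not valid for user <user> with <password>"
# Assumption: the user name has no whitespace. Everything after the first
# " with " that follows it is treated as the password, because a password
# may itself contain spaces or the word "with".
LEAK = re.compile(
    r"^(?P<head>.*\bUmlsUserApprover\b.*?\bis not valid for user )"
    r"(?P<user>\S+) with (?P<secret>.*)$"
)

def scrub_line(line, mask_user=False):
    """Return (clean_line, leaked); leaked is True if a secret was removed."""
    body = line.rstrip("\r\n")
    eol = line[len(body):]          # preserve the original line ending
    m = LEAK.match(body)
    if not m:
        return line, False
    user = "[REDACTED]" if mask_user else m.group("user")
    return f"{m.group('head')}{user} with [REDACTED]{eol}", True

def scrub_log(lines, mask_user=False):
    """Scrub an iterable of log lines; return (clean_lines, leak_count)."""
    out, hits = [], 0
    for line in lines:
        clean, leaked = scrub_line(line, mask_user)
        out.append(clean)
        hits += leaked
    return out, hits

# Constructed sample input: user name, password and the non-matching
# lines are invented for this example.
SAMPLE = [
    "03 Sep 2017 10:35:48 INFO  SomeComponent - pipeline starting\n",
    "03 Sep 2017 10:35:49 ERROR UmlsUserApprover -   UMLS Account at "
    "https://uts-ws.nlm.nih.gov/restful/isValidUMLSUser is not valid for user "
    "jdoe with hunter2 with spaces\n",
    "03 Sep 2017 10:35:50 ERROR Other - request failed with status 401\n",
]

if __name__ == "__main__":
    cleaned, n = scrub_log(SAMPLE)
    print("".join(cleaned), end="")
    print(f"{n} line(s) contained a credential")
```

A non-zero count means a password reached the log, so the affected UMLS account should have its password changed in addition to the log being scrubbed.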