You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2018/05/10 13:25:00 UTC
[jira] [Resolved] (HTTPCLIENT-1922) org.apache.http.wire package is
printing sensitive information in debug
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1922.
-------------------------------------------
Resolution: Invalid
1. HttpClient 3.1 is no longer supported
2. Logging configuration has nothing to do with HttpClient. HttpClient relies on Commons Logging abstract APIs for its runtime logging. Configuration of a specific logging backend is application specific and is entirely up to the deployment team.
Oleg
> org.apache.http.wire package is printing sensitive information in debug
> -----------------------------------------------------------------------
>
> Key: HTTPCLIENT-1922
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1922
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (Windows)
> Environment: Windows, linux
> Reporter: Vijay Jamadade
> Priority: Minor
>
> Hi,
> We are using commons-httpclient.jar version-3.1 for connecting to web service. Data being sent for authentication is sensitive data containing private keys used for authentication. But when i enable debug level logging for my connection, org.apache.http.wire is this jar prints this sensitive information in log. How can I disable this? Is this known issue?
> This can be major security issue as somebody can easily get sensitive information in logs this way.
> Thanks,
> Vijay
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org