You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Daniel Abramovich (JIRA)" <ji...@apache.org> on 2008/04/02 00:13:24 UTC
[jira] Created: (FTPSERVER-120) FtpServer should not log passwords
in clear text.
FtpServer should not log passwords in clear text.
-------------------------------------------------
Key: FTPSERVER-120
URL: https://issues.apache.org/jira/browse/FTPSERVER-120
Project: FtpServer
Issue Type: Bug
Reporter: Daniel Abramovich
Priority: Minor
Those log statements are logged by the MINA logging filter and there's
not much we can do about that one (expect for not including in the
default setup). We could roll our own logging filter that takes out
the password. Please file a JIRA ticket and I'll take care of it.
/niklas
> Hi,
>
>
>
> I'd like to make a suggestion that passwords not be logged in clear
> text. For example:
>
>
>
> Thu Mar 27 2008 00:06:08,762 EDT INFO
> org.apache.ftpserver.listener.mina.MinaFtpProtocolHandler -
> [/10.6.20.226:63995] RECEIVED: PASS admin
>
>
>
> We find the protocol logging to be useful, but logging of passwords will
> make security folks unhappy. Perhaps, it could just log ******* or
> somesuch?
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (FTPSERVER-120) FtpServer should not log passwords
in clear text.
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson closed FTPSERVER-120.
---------------------------------------
Resolution: Fixed
Fix Version/s: 1.0-M2
Fixed, requires the latest MINA snapshot so make sure Maven upgrades when bullding.
commit -m "+ FtpLoggingFilter, specialized LoggingFilter for masking FTP password (FTPSERVER-120)" /home/niklas/workspaces/apache/ftpserver/core/src/main/java/org/apache/ftpserver/filesystem/NativeFileSystemManager.java /home/niklas/workspaces/apache/ftpserver/core/src/main/java/org/apache/ftpserver/filter /home/niklas/workspaces/apache/ftpserver/core/src/main/java/org/apache/ftpserver/filter/FtpLoggingFilter.java /home/niklas/workspaces/apache/ftpserver/core/src/main/java/org/apache/ftpserver/listener/mina/MinaListener.java
Sending /home/niklas/workspaces/apache/ftpserver/core/src/main/java/org/apache/ftpserver/filesystem/NativeFileSystemManager.java
Adding /home/niklas/workspaces/apache/ftpserver/core/src/main/java/org/apache/ftpserver/filter
Adding /home/niklas/workspaces/apache/ftpserver/core/src/main/java/org/apache/ftpserver/filter/FtpLoggingFilter.java
Sending /home/niklas/workspaces/apache/ftpserver/core/src/main/java/org/apache/ftpserver/listener/mina/MinaListener.java
Transmitting file data ...
Committed revision 645286.
> FtpServer should not log passwords in clear text.
> -------------------------------------------------
>
> Key: FTPSERVER-120
> URL: https://issues.apache.org/jira/browse/FTPSERVER-120
> Project: FtpServer
> Issue Type: Bug
> Reporter: Daniel Abramovich
> Assignee: Niklas Gustavsson
> Priority: Minor
> Fix For: 1.0-M2
>
>
> Those log statements are logged by the MINA logging filter and there's
> not much we can do about that one (expect for not including in the
> default setup). We could roll our own logging filter that takes out
> the password. Please file a JIRA ticket and I'll take care of it.
> /niklas
> > Hi,
> >
> >
> >
> > I'd like to make a suggestion that passwords not be logged in clear
> > text. For example:
> >
> >
> >
> > Thu Mar 27 2008 00:06:08,762 EDT INFO
> > org.apache.ftpserver.listener.mina.MinaFtpProtocolHandler -
> > [/10.6.20.226:63995] RECEIVED: PASS admin
> >
> >
> >
> > We find the protocol logging to be useful, but logging of passwords will
> > make security folks unhappy. Perhaps, it could just log ******* or
> > somesuch?
> >
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (FTPSERVER-120) FtpServer should not log passwords
in clear text.
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson reassigned FTPSERVER-120:
-------------------------------------------
Assignee: Niklas Gustavsson
> FtpServer should not log passwords in clear text.
> -------------------------------------------------
>
> Key: FTPSERVER-120
> URL: https://issues.apache.org/jira/browse/FTPSERVER-120
> Project: FtpServer
> Issue Type: Bug
> Reporter: Daniel Abramovich
> Assignee: Niklas Gustavsson
> Priority: Minor
>
> Those log statements are logged by the MINA logging filter and there's
> not much we can do about that one (expect for not including in the
> default setup). We could roll our own logging filter that takes out
> the password. Please file a JIRA ticket and I'll take care of it.
> /niklas
> > Hi,
> >
> >
> >
> > I'd like to make a suggestion that passwords not be logged in clear
> > text. For example:
> >
> >
> >
> > Thu Mar 27 2008 00:06:08,762 EDT INFO
> > org.apache.ftpserver.listener.mina.MinaFtpProtocolHandler -
> > [/10.6.20.226:63995] RECEIVED: PASS admin
> >
> >
> >
> > We find the protocol logging to be useful, but logging of passwords will
> > make security folks unhappy. Perhaps, it could just log ******* or
> > somesuch?
> >
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.