You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Weston M. Price (Created) (JIRA)" <ji...@apache.org> on 2012/01/17 16:51:41 UTC

[jira] [Created] (QPID-3764) QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info
-------------------------------------------------------------------------------------------------------------------

                 Key: QPID-3764
                 URL: https://issues.apache.org/jira/browse/QPID-3764
             Project: Qpid
          Issue Type: Bug
         Environment: All OS platforms, all supported JEE platforms.
            Reporter: Weston M. Price
            Assignee: Weston M. Price
             Fix For: 0.15


In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

[jira] [Updated] (QPID-3764) QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

Posted by "Weston M. Price (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/QPID-3764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Weston M. Price updated QPID-3764:
----------------------------------

    Component/s: JCA

Updating component.
                
> QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info
> -------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-3764
>                 URL: https://issues.apache.org/jira/browse/QPID-3764
>             Project: Qpid
>          Issue Type: Bug
>          Components: JCA
>         Environment: All OS platforms, all supported JEE platforms.
>            Reporter: Weston M. Price
>            Assignee: Weston M. Price
>             Fix For: 0.15
>
>         Attachments: QPID-3764.patch
>
>
> In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

[jira] [Resolved] (QPID-3764) QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

Posted by "Weston M. Price (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/QPID-3764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Weston M. Price resolved QPID-3764.
-----------------------------------

    Resolution: Fixed

Fixed with attached patch.
                
> QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info
> -------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-3764
>                 URL: https://issues.apache.org/jira/browse/QPID-3764
>             Project: Qpid
>          Issue Type: Bug
>          Components: JCA
>         Environment: All OS platforms, all supported JEE platforms.
>            Reporter: Weston M. Price
>            Assignee: Weston M. Price
>             Fix For: 0.15
>
>         Attachments: QPID-3764.patch
>
>
> In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

[jira] [Updated] (QPID-3764) QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

Posted by "Weston M. Price (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/QPID-3764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Weston M. Price updated QPID-3764:
----------------------------------

    Attachment: QPID-3764.patch

Patch to mask password in connectionURL in log files. Added utility method in Util.java to make this easier.
                
> QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info
> -------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-3764
>                 URL: https://issues.apache.org/jira/browse/QPID-3764
>             Project: Qpid
>          Issue Type: Bug
>         Environment: All OS platforms, all supported JEE platforms.
>            Reporter: Weston M. Price
>            Assignee: Weston M. Price
>             Fix For: 0.15
>
>         Attachments: QPID-3764.patch
>
>
> In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org