[Design of POJO Server] - Re: Masking passwords in logs - jboss-dev-forums

Friday, 10 October 2008

Why doesn't this solve the problem?
http://www.jboss.org/community/docs/DOC-9350
http://www.jboss.org/community/docs/DOC-9703

Even if you mask the password in the log, if it is an MBean attribute, it will
be visible via JMX (and the user has access).

Additionally since we recommend changing the log level to INFO
for production anyway, none of this will appear in the log.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4181548#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...