JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs ---------------------------------------------------------------------------------------------------- Key: JBCACHE-1612 URL: https://issues.jboss.org/browse/JBCACHE-1612 Project: JBoss Cache Issue Type: Bug Security Level: Public (Everyone can see) Components: Cache loaders Affects Versions: 3.2.8.GA Environment: all Reporter: Tom Fonteyne Assignee: Manik Surtani http://anonsvn.jboss.org/repos/jbosscache/core/trunk/src/main/java/org/jb... 088 public Connection getConnection() 089 { ...... 099 catch (SQLException e) 100 { 101 reportAndRethrowError("Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd, e); So upon a connection error, the user/password will end up in the logfile in clear text -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira