[jboss-jira] [JBoss JIRA] (JBMAN-97) Passwords are getting logged through org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment Class if we keep the logging level in debug mode.
Rahul Singh (JIRA)
jira-events at lists.jboss.org
Tue Apr 3 03:15:47 EDT 2012
[ https://issues.jboss.org/browse/JBMAN-97?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rahul Singh updated JBMAN-97:
-----------------------------
Description:
The passwords are getting logged in debug level For example we can see the below entries in logs
2012-03-08 12:21:28,108 DEBUG [org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment] [ main] setting property: XADataSourceProperties to value URL=jdbc:sqlserver://xxxxx:1433;databaseName=password;responseBuffering=full;SelectMethod=cursor;
User=sa
Password=root
After using datasource fragment in *.ds.xml
<xa-datasource-property name="User">${username}</xa-datasource-property>
<xa-datasource-property name="Password">${password}</xa-datasource-property>
Also tried using
<user-name>${username}</user-name>
<password>${password}</password>
Password is coming in plain text through debug logging.
was:
The passwords are getting logged in debug level For example we can see the below entries in logs
2012-03-08 12:21:28,108 DEBUG [org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment] [ main] setting property: XADataSourceProperties to value URL=jdbc:sqlserver://xxxxx:1433;databaseName=password;responseBuffering=full;SelectMethod=cursor;
User=sa
Password=root
Password is coming in plain text through debug logging.
> Passwords are getting logged through org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment Class if we keep the logging level in debug mode.
> --------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: JBMAN-97
> URL: https://issues.jboss.org/browse/JBMAN-97
> Project: JBoss Managed
> Issue Type: Bug
> Reporter: Rahul Singh
> Priority: Critical
>
> The passwords are getting logged in debug level For example we can see the below entries in logs
> 2012-03-08 12:21:28,108 DEBUG [org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment] [ main] setting property: XADataSourceProperties to value URL=jdbc:sqlserver://xxxxx:1433;databaseName=password;responseBuffering=full;SelectMethod=cursor;
> User=sa
> Password=root
> After using datasource fragment in *.ds.xml
> <xa-datasource-property name="User">${username}</xa-datasource-property>
> <xa-datasource-property name="Password">${password}</xa-datasource-property>
> Also tried using
> <user-name>${username}</user-name>
> <password>${password}</password>
> Password is coming in plain text through debug logging.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list