[jbosscache-issues] [JBoss JIRA] (JBCACHE-1612) JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs
Tom Fonteyne (Created) (JIRA)
jira-events at lists.jboss.org
Fri Dec 30 10:43:09 EST 2011
JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs
----------------------------------------------------------------------------------------------------
Key: JBCACHE-1612
URL: https://issues.jboss.org/browse/JBCACHE-1612
Project: JBoss Cache
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Cache loaders
Affects Versions: 3.2.8.GA
Environment: all
Reporter: Tom Fonteyne
Assignee: Manik Surtani
http://anonsvn.jboss.org/repos/jbosscache/core/trunk/src/main/java/org/jboss/cache/loader/NonManagedConnectionFactory.java
088 public Connection getConnection()
089 {
......
099 catch (SQLException e)
100 {
101 reportAndRethrowError("Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd, e);
So upon a connection error, the user/password will end up in the logfile in clear text
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosscache-issues
mailing list