Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-5729

Audit log shows plaintext password for QueueView.sendTextMessage

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 5.11.1
    • 5.12.0
    • JMX
    • None

    Description

      Each AuditLogEntry dumps all arguments for the method call to the Audit log. Some of these arguments should not be logged as they may contain senstive information. For example QueueView.sendTextMessage contains user password information.

      Example Log Entry:
      anonymous called org.apache.activemq.broker.jmx.QueueView.sendTextMessage[String, admin, mypassword] at 04-03-2013 11:00:00

      Attachments

        Activity

          People

            Unassigned Unassigned
            martyntaylor Martyn Taylor
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: