[AMQ-5729] Audit log shows plaintext password for QueueView.sendTextMessage - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.11.1
Fix Version/s: 5.12.0
Component/s: JMX
Labels:
None

Description

Each AuditLogEntry dumps all arguments for the method call to the Audit log. Some of these arguments should not be logged as they may contain senstive information. For example QueueView.sendTextMessage contains user password information.

Example Log Entry:
anonymous called org.apache.activemq.broker.jmx.QueueView.sendTextMessage[String, admin, mypassword] at 04-03-2013 11:00:00

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Martyn Taylor

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Apr/15 14:12

Updated:: 24/Apr/15 15:24

Resolved:: 24/Apr/15 15:24