Details
Major Description
The exception thrown by RemoteFilePollingConsumerPollStrategy shows URI and shows password in plaintext. Since we report ERROR and WARN messages from logs to external destinations (SNMP and mail) the password leaves the system and we are loosing control over its spread across enterprise. I decided to mark this as major issue since it is security related. I have found other issue #CAMEL-3099 related to cleartext passwords in log files. It is closed however - don't know if I should try to reopen it.
Here is sample log (the username and password parameters were altered):
2011-05-16 22:35:07,210 WARN [FtpConsumer] File operation failed: Software caused connection abort: socket write error. Code: 250 2011-05-16 22:35:07,210 WARN [RemoteFilePollingConsumerPollStrategy] Consumer Consumer[ftp://172.23.224.92//usr4/account?binary=true&delay=900000&filter=%23taxFileFilter&idempotentRepository=%23dac1Checker&maxMessagesPerPoll=1&noop=true&password=myPassword&username=myAccount] could not poll endpoint: ftp://172.23.224.92//usr4/account?binary=true&delay=900000&filter=%23taxFileFilter&idempotentRepository=%23dac1Checker&maxMessagesPerPoll=1&noop=true&password=myPassword&username=myAccount caused by: File operation failed: Software caused connection abort: recv failed. Code: 250 org.apache.camel.component.file.GenericFileOperationFailedException: File operation failed: Software caused connection abort: recv failed. Code: 250 at org.apache.camel.component.file.remote.FtpOperations.getCurrentDirectory(FtpOperations.java:548) at org.apache.camel.component.file.remote.FtpConsumer.pollDirectory(FtpConsumer.java:43) at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:83) at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:97) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source) at java.util.concurrent.FutureTask.runAndReset(Unknown Source) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(Unknown Source) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(Unknown Source) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.net.SocketException: Software caused connection abort: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(Unknown Source) at sun.nio.cs.StreamDecoder.readBytes(Unknown Source) at sun.nio.cs.StreamDecoder.implRead(Unknown Source) at sun.nio.cs.StreamDecoder.read(Unknown Source) at java.io.InputStreamReader.read(Unknown Source) at java.io.BufferedReader.fill(Unknown Source) at java.io.BufferedReader.readLine(Unknown Source) at java.io.BufferedReader.readLine(Unknown Source) at org.apache.commons.net.ftp.FTP.__getReply(FTP.java:294) at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:490) at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:534) at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:583) at org.apache.commons.net.ftp.FTP.pwd(FTP.java:1270) at org.apache.commons.net.ftp.FTPClient.printWorkingDirectory(FTPClient.java:1800) at org.apache.camel.component.file.remote.FtpOperations.getCurrentDirectory(FtpOperations.java:546) ... 12 more
Ales
