Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
1.0.0-M23
-
None
Description
The BindRequestImpl.toString() metjod does print the password when in Simple mode (it's not the case when using SASL) :
if ( isSimple ) { sb.append( " Simple authentication : '" ).append( Strings.utf8ToString( credentials ) ) .append( '/' ).append( Strings.dumpBytes( credentials ) ).append( "'\n" ); } else { sb.append( " Sasl credentials\n" ); sb.append( " Mechanism :'" ).append( mechanism ).append( "'\n" ); if ( credentials == null ) { sb.append( " Credentials : null" ); } else { sb.append( " Credentials : (omitted-for-safety)" ); }
This is absolutely wrong...