-
Type:
Bug
-
Status: Closed
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 1.0.0-M23
-
Fix Version/s: 1.0.0-M24
-
Labels:None
The BindRequestImpl.toString() metjod does print the password when in Simple mode (it's not the case when using SASL) :
if ( isSimple ) { sb.append( " Simple authentication : '" ).append( Strings.utf8ToString( credentials ) ) .append( '/' ).append( Strings.dumpBytes( credentials ) ).append( "'\n" ); } else { sb.append( " Sasl credentials\n" ); sb.append( " Mechanism :'" ).append( mechanism ).append( "'\n" ); if ( credentials == null ) { sb.append( " Credentials : null" ); } else { sb.append( " Credentials : (omitted-for-safety)" ); }
This is absolutely wrong...