Directory ApacheDS / DIRSERVER-2220

ApacheDS should not log credentials

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M24
    • Fix Version/s: 2.0.0.AM25
    • Component/s: None
    • Labels: None

    Description

      It is a bad practice to log credentials (e.g. LDAP bind request). There are several places where bindContext is logged. See class AuthenticatorInterceptor:

      LOG.info("Authenticator {} failed to authenticate: {}", authenticator, bindContext);
      LOG.info("Unexpected failure for Authenticator {} : {}", authenticator, bindContext);

      This will result in:

       

      failed to authenticate: BindContext for Dn 'uid=avthart@gmail.com,ou=vanadenovation', credentials <0x6D 0x79 0x76 0x65 0x72 0x79 0x73 0x65 0x63 0x72 0x65 0x74 0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64> 
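
The following is an added example, not code from this issue or from ApacheDS: it shows that the hex rendering in the log line above decodes straight back to the password, next to a `toString()` that keeps the credential bytes out of any log statement. `BindLogDemo`, `BindInfo`, `leakyString` and the sample DN and password are hypothetical names and constructed values.

```java
import java.nio.charset.StandardCharsets;

public class BindLogDemo {
    // Renders bytes the way the log line in this issue does: "0x6D 0x79 ...".
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) {
            if (sb.length() > 0) sb.append(' ');
            sb.append(String.format("0x%02X", b & 0xFF));
        }
        return sb.toString();
    }

    // Reverses that rendering: the hex dump is an encoding, not masking.
    static String decodeHexDump(String dump) {
        String[] parts = dump.trim().split("\\s+");
        byte[] out = new byte[parts.length];
        for (int i = 0; i < parts.length; i++) {
            out[i] = (byte) Integer.parseInt(parts[i].substring(2), 16);
        }
        return new String(out, StandardCharsets.UTF_8);
    }

    // Hypothetical stand-in for a bind context (not the ApacheDS class).
    static class BindInfo {
        final String dn;
        final byte[] credentials;
        BindInfo(String dn, byte[] credentials) { this.dn = dn; this.credentials = credentials; }

        // Leaky form: same shape as the output quoted in the issue.
        String leakyString() {
            return "BindContext for Dn '" + dn + "', credentials <" + hex(credentials) + ">";
        }

        // Log-safe form: toString() never includes the credential bytes.
        @Override public String toString() {
            return "BindContext for Dn '" + dn + "', credentials <redacted>";
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real directory.
        BindInfo ctx = new BindInfo("uid=jdoe,ou=example",
                "constructed-secret".getBytes(StandardCharsets.UTF_8));
        System.out.println("leaky:     " + ctx.leakyString());
        System.out.println("recovered: " + decodeHexDump(hex(ctx.credentials)));
        System.out.println("log-safe:  " + ctx);
    }
}
```

Because logging frameworks format `{}` arguments by calling `toString()`, redacting there covers every call site that logs the object.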
      

          People

            Assignee: Unassigned
            Reporter: Albert van 't Hart (albertvth)