[HTTPCLIENT-1922] org.apache.http.wire package is printing sensitive information in debug - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Invalid
Affects Version/s: None
Fix Version/s: None
Component/s: HttpClient (Windows)
Labels:
None
Environment:
Windows, linux

Flags:

Important

Description

Hi,

We are using httpclient-4.3.6.jar for connecting to web service. Data being sent for authentication is sensitive data containing private keys used for authentication. But when i enable debug level logging for my connection, org.apache.http.wire is this jar prints this sensitive information in log. How can I disable this? Is this known issue?

This can be major security issue as somebody can easily get sensitive information in logs this way.

Thanks,

Vijay

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Vijay Jamadade

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/May/18 13:00

Updated:: 11/May/18 13:48

Resolved:: 10/May/18 14:19