Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1922

org.apache.http.wire package is printing sensitive information in debug

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Invalid
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: HttpClient (Windows)
    • Labels:
      None
    • Environment:
      Windows, linux
    • Flags:
      Important

      Description

      Hi,

      We are using httpclient-4.3.6.jar for connecting to web service. Data being sent for authentication is sensitive data containing private keys used for authentication. But when i enable debug level logging for my connection, org.apache.http.wire is this jar prints this sensitive information in log. How can I disable this? Is this known issue? 

      This can be major security issue as somebody can easily get sensitive information in logs this way.

      Thanks,

      Vijay

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              vijay-jamadade-sailpoint Vijay Jamadade
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: