Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Invalid
-
None
-
None
-
None
-
Windows, linux
-
Important
Description
Hi,
We are using httpclient-4.3.6.jar for connecting to web service. Data being sent for authentication is sensitive data containing private keys used for authentication. But when i enable debug level logging for my connection, org.apache.http.wire is this jar prints this sensitive information in log. How can I disable this? Is this known issue?
This can be major security issue as somebody can easily get sensitive information in logs this way.
Thanks,
Vijay