[IVY-292] the vfs resolver should not log passwords - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.4-RC1
Fix Version/s: 1.4-RC1
Component/s: None
Labels:
None
Environment:

Attempt to use the VFS resolver using WebDav, Windows XP, Java 1.4.1

Description

the vfs resolver (or the publish and resolve tasks) output this type of messages :

[ivy:publish] published ivy to webdav://admin:password_in_clear_text@dev-build:85/ivyrep/jayasoft/standalone.1/ivy.xml

[ivy:retrieve] vfs-resolver: tried webdav://admin:password_in_clear_text@dev-build:85/ivyrep/jayasoft/standalone.latest.integration/ivy.xml

I would suggest using regular expressions to find the passwords to put **** instead of password_in_clear_text.

The problem is that the continuous integration tools publish the logs to an Intranet (we are using AnthillPro, but I expect the same with CruiseControl), so the net effect would be that all the developers would know the password that only the build manager is supposed to know. Plus, if you are in a company with IT audit, the auditors are going to shred you into pieces when they see that.

Best regards, Ivy is a great tool !

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ASF.LICENSE.NOT.GRANTED--patch.txt
17/Nov/06 12:06
4 kB
Antoine Levy-Lambert

Activity

People

Assignee:: Xavier Hanin

Reporter:: Antoine Levy-Lambert

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Due:: 17/Nov/06

Created:: 11/Sep/06 08:10

Updated:: 17/Sep/06 18:23

Resolved:: 26/Nov/06 07:05