[JCRVLT-175] Ensure RcpTask is clearing out sensitive data in toString statement - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.1.38
Fix Version/s: 3.1.40
Component/s: vlt
Labels:
None

Description

It would nice to prevent RcpTask#toString() to display credentials that might be provided as part of the URL (//<user>:<password>@<host>:<port>/<url-path> [0]).

[0] https://www.ietf.org/rfc/rfc1738.txt

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0002-Fix-information-disclosure-in-debug-statement-toStri.patch
26/Apr/17 07:41
1 kB
Alex Collignon
0001-Test-information-disclosure-in-debug-statement-toStr.patch
26/Apr/17 07:41
2 kB
Alex Collignon

Activity

People

Assignee:: Tobias Bocanegra

Reporter:: Alex Collignon

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Apr/17 07:38

Updated:: 26/Jun/17 02:51

Resolved:: 26/Apr/17 08:27