Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-1896

Update classes in org.apache.logging.log4j.core.net.ssl in APIs from String to char[] for passwords

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.10.0
    • Configurators
    • None

    Description

      Update org.apache.logging.log4j.core.net.ssl.StoreConfiguration from a String to char[] to represent its password.

      The goal is to reduce the security risk of using a String for a password. See https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LOG4J2-2059 Refactor classes in core.net.ssl to allow non-KeyStore Providers

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. LOG4J2-2054 Provide ways to configure SSL that avoid plain-text passwords in the log4j configuration

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. LOG4J2-1898 Update classes in org.apache.logging.log4j.core.net.ssl to the builder pattern

          • Major - Major loss of function.
          • Open

          Activity

            People

              rpopma Remko Popma
              ggregory Gary D. Gregory
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: