Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-6886

Hide sessionId in logs by default, show them using a properties

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Minor
    • Resolution: Implemented
    • Trunk
    • 16.11.01
    • framework
    • None
    • Bug Crush Event - 21/2/2015

    Description

      There are few cases where we show the sessionId in logs (using UtilHttp.getSessionId() in or HttpSessionEvent.getSession().getId()) in other places)
      Despite we secured the log access at r1489461, I suggested on the dev ML a properties to opt in, false by default. I will apply as a lazy consensus.

      Attachments

        Issue Links

          is related to

          Sub-task - The sub-task of the issue OFBIZ-6872 Remove all sessionsIds put in URLs

          • Major - Major loss of function.
          • Closed

          Activity

            People

              jleroux Jacques Le Roux
              jleroux Jacques Le Roux
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: