Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-9310

On setting verbose true, UtilHttp.getParameterMap() method prints username and password in logs

    Details

    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String> nameSet, Boolean onlyIncludeOrSkip) method, following line of code prints username and password in logs when verbose is set to true.

      if (Debug.verboseOn())

      { Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module); Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module); }

        Attachments

        1. OFBIZ-9310.patch
          0.7 kB
          Aditya Sharma

          Activity

            People

            • Assignee:
              jacques.le.roux Jacques Le Roux
              Reporter:
              aditya.sharma Aditya Sharma
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: