Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-3764

QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.15
    • Component/s: JCA
    • Labels:
      None
    • Environment:

      All OS platforms, all supported JEE platforms.

      Description

      In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

      1. QPID-3764.patch
        2 kB
        Weston M. Price

        Activity

        Hide
        wprice Weston M. Price added a comment -

        Patch to mask password in connectionURL in log files. Added utility method in Util.java to make this easier.

        Show
        wprice Weston M. Price added a comment - Patch to mask password in connectionURL in log files. Added utility method in Util.java to make this easier.
        Hide
        wprice Weston M. Price added a comment -

        Updating component.

        Show
        wprice Weston M. Price added a comment - Updating component.
        Hide
        wprice Weston M. Price added a comment -

        Fixed with attached patch.

        Show
        wprice Weston M. Price added a comment - Fixed with attached patch.

          People

          • Assignee:
            wprice Weston M. Price
            Reporter:
            wprice Weston M. Price
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development