Qpid
  1. Qpid
  2. QPID-3764

QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.15
    • Component/s: JCA
    • Labels:
      None
    • Environment:

      All OS platforms, all supported JEE platforms.

      Description

      In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

      1. QPID-3764.patch
        2 kB
        Weston M. Price

        Activity

          People

          • Assignee:
            Weston M. Price
            Reporter:
            Weston M. Price
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development