Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-3764

QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.15
    • Component/s: JCA
    • Labels:
      None
    • Environment:

      All OS platforms, all supported JEE platforms.

      Description

      In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

        Attachments

        1. QPID-3764.patch
          2 kB
          Weston M. Price

          Activity

            People

            • Assignee:
              wprice Weston M. Price
              Reporter:
              wprice Weston M. Price
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: