Qpid
  1. Qpid
  2. QPID-3764

QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.15
    • Component/s: JCA
    • Labels:
      None
    • Environment:

      All OS platforms, all supported JEE platforms.

      Description

      In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

      1. QPID-3764.patch
        2 kB
        Weston M. Price

        Activity

        Weston M. Price made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Weston M. Price made changes -
        Component/s JCA [ 12317036 ]
        Weston M. Price made changes -
        Field Original Value New Value
        Attachment QPID-3764.patch [ 12510863 ]
        Weston M. Price created issue -

          People

          • Assignee:
            Weston M. Price
            Reporter:
            Weston M. Price
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development