Qpid / QPID-3764

QpidResourceAdapter, ConnectionFactoryProperties prints connection URL in trace logs that may contain password info

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.15
    • Component/s: JCA
    • Labels:
      None
    • Environment:

      All OS platforms, all supported JEE platforms.

      Description

      In a few of the JCA classes we are printing the connectionURL to the logs when setting the value. The connection URL may contain password info. These statements should be removed for security.

      1. QPID-3764.patch
        2 kB
        Weston M. Price

        Activity

        Weston M. Price added a comment - Patch to mask password in connectionURL in log files. Added utility method in Util.java to make this easier.
        Weston M. Price added a comment - Updating component.
        Weston M. Price added a comment - Fixed with attached patch.
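
A sketch of the kind of masking the comments above describe, as an added example; it is not the code in QPID-3764.patch. The class and method names (`MaskUrlExample`, `maskUrlForLog`) and the sample URLs are constructed for illustration, and the example goes beyond the ticket by also masking any quoted option whose name ends in `password`.

```java
import java.util.regex.Pattern;

public class MaskUrlExample {
    private static final String MASK = "********";

    // scheme://user:password@... ; group 1 keeps everything up to the user name.
    // The password part runs to the first '@', so a raw '/' or '?' inside the
    // password is still covered (fails closed: may over-mask, never under-mask).
    private static final Pattern USERINFO_PASSWORD =
        Pattern.compile("^([a-zA-Z][a-zA-Z0-9+.-]*://[^:/?#@]*):[^@]*@");

    // Assumption of this example: any single-quoted option whose name ends in
    // "password" carries a secret, e.g. a trust store password.
    private static final Pattern PASSWORD_OPTION =
        Pattern.compile("(?i)([a-z_]*password=)'[^']*'");

    /** Returns a copy of the connection URL that is safe to write to a log. */
    static String maskUrlForLog(String url) {
        if (url == null) {
            return null;
        }
        String masked = USERINFO_PASSWORD.matcher(url).replaceFirst("$1:" + MASK + "@");
        return PASSWORD_OPTION.matcher(masked).replaceAll("$1'" + MASK + "'");
    }

    public static void main(String[] args) {
        // Constructed sample URLs, not taken from the ticket.
        String[] samples = {
            "amqp://guest:s3cret@clientid/test?brokerlist='tcp://localhost:5672'",
            "amqp://guest:pa/ss@clientid/test?brokerlist='tcp://localhost:5672'",
            "amqp://clientid/test?brokerlist='tcp://localhost:5671"
                + "?ssl='true'&trust_store_password='ts-pass''",
            "amqp://clientid/test?brokerlist='tcp://localhost:5672'"
        };
        for (String url : samples) {
            // Log only the masked form; the raw URL never reaches the logger.
            System.out.println("connectionURL=" + maskUrlForLog(url));
        }
    }
}
```

Masking at the point of logging only protects that call site; every setter or `toString()` that can emit the URL has to go through the same helper.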

          People

          • Assignee:
            Weston M. Price
            Reporter:
            Weston M. Price