Before this starts a long thread... All I am trying to point out is that you should be aware that if you turn debug on, there is a chance that you could leave user credential information lying around in log files, and that might be a less than ideal situation.

deanhe01 wrote:
>
> As I was looking at log files yesterday I came across the following line:
>
> 2009-06-12 08:51:56,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding allowed request parameters in map['lt' -> '_c867CA912-466E-BBAE-EB94-E793532928A0_kC2CAEC2A-D940-9912-8EBA-3F93B9E1B586', 'service' -> 'http://localhost:8888/cornerstone-sso', '_eventId' -> 'submit', 'password' -> 'y3x3.m4f', 'submit' -> 'LOGIN', 'username' -> 'deanhe01'] to form object with name 'credentials', pre-bind formObject toString = [username: null]
>
> Notice the bold. That's the password entered from the CAS login. Now I do
> realize that I am running in debug mode and that you would not run a
> production server in debug, but do we have to have the password right
> there in plain text?
>

--
View this message in context: http://www.nabble.com/user-password-in-plalintext-in-cas.log-tp24001707p24001868.html
Sent from the CAS Users mailing list archive at Nabble.com.
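Added example, not part of the original posts and not CAS code: a small Python check that finds DEBUG lines of the shape quoted above where a credential parameter was bound in clear text, and masks the value before the log is kept or shared. The key list, the mask string and the sample lines are assumptions constructed for illustration.

```python
import re

# Parameter names treated as sensitive (an assumption; extend for your own forms).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "secret"}

# Matches the 'key' -> 'value' pairs printed inside map[...]. The value runs up to
# the quote that is followed by ", '" or "]", so a quote inside a password does
# not end the match early and leave part of the secret behind.
PAIR_RE = re.compile(r"'(?P<key>\w+)'\s*->\s*'(?P<value>.*?)'(?=,\s*'|\])")

def find_exposures(lines):
    """Return (line_number, key) for each sensitive parameter logged with a value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in PAIR_RE.finditer(line):
            if match.group("key").lower() in SENSITIVE_KEYS and match.group("value"):
                hits.append((number, match.group("key")))
    return hits

def redact_line(line, mask="********"):
    """Replace the value of each sensitive parameter with a fixed mask."""
    def _mask(match):
        if match.group("key").lower() in SENSITIVE_KEYS:
            return "'%s' -> '%s'" % (match.group("key"), mask)
        return match.group(0)
    return PAIR_RE.sub(_mask, line)

# Constructed sample lines in the shape of the one quoted in the post.
SAMPLE_LOG = [
    "2009-06-12 08:51:55,101 INFO [example.Startup] - ready",
    "2009-06-12 08:51:56,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - "
    "Binding allowed request parameters in map['lt' -> '_cEXAMPLE', "
    "'_eventId' -> 'submit', 'password' -> 'constructed-secret', "
    "'submit' -> 'LOGIN', 'username' -> 'exampleuser'] to form object with name 'credentials'",
]

if __name__ == "__main__":
    for number, key in find_exposures(SAMPLE_LOG):
        print("line %d exposes %r" % (number, key))
        print(redact_line(SAMPLE_LOG[number - 1]))
```

Masking after the fact only cleans up copies you can reach; any password that shows up this way should be treated as exposed and changed.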
