[jira] [Resolved] (AMQ-5729) Audit log shows plaintext password for QueueView.sendTextMessage

[Martyn Taylor (JIRA)]

     [ 
https://issues.apache.org/jira/browse/AMQ-5729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martyn Taylor resolved AMQ-5729.
--------------------------------
       Resolution: Fixed
    Fix Version/s: 5.12.0

Fix Commit: a65ac586c203d08b6a68b07eedd7ae28a63b58a6

> Audit log shows plaintext password for QueueView.sendTextMessage
> ----------------------------------------------------------------
>
>                 Key: AMQ-5729
>                 URL: https://issues.apache.org/jira/browse/AMQ-5729
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: JMX
>    Affects Versions: 5.11.1
>            Reporter: Martyn Taylor
>             Fix For: 5.12.0
>
>
> Each AuditLogEntry dumps all arguments for the method call to the Audit log.  
> Some of these arguments should not be logged as they may contain senstive 
> information.  For example QueueView.sendTextMessage contains user password 
> information.
> Example Log Entry:
> anonymous called 
> org.apache.activemq.broker.jmx.QueueView.sendTextMessage[String, admin, 
> mypassword] at 04-03-2013 11:00:00



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)