[
https://issues.apache.org/jira/browse/DIRAPI-197?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lecharny resolved DIRAPI-197.
--------------------------------------
Resolution: Fixed
Fixed with http://svn.apache.org/r1612859
> When dumping a BindRequest, the password is exposed
> ---------------------------------------------------
>
> Key: DIRAPI-197
> URL: https://issues.apache.org/jira/browse/DIRAPI-197
> Project: Directory Client API
> Issue Type: Bug
> Affects Versions: 1.0.0-M23
> Reporter: Emmanuel Lecharny
> Priority: Blocker
> Fix For: 1.0.0-M24
>
>
> The BindRequestImpl.toString() method does print the password when in Simple
> mode (it's not the case when using SASL) :
> {code:java}
> if ( isSimple )
> {
>     // Simple bind: the password is appended as text and as a byte dump
>     sb.append( " Simple authentication : '" ).append( Strings.utf8ToString( credentials ) )
>         .append( '/' ).append( Strings.dumpBytes( credentials ) ).append( "'\n" );
> }
> else
> {
>     // SASL bind: the credentials are already masked
>     sb.append( " Sasl credentials\n" );
>     sb.append( " Mechanism :'" ).append( mechanism ).append( "'\n" );
>     if ( credentials == null )
>     {
>         sb.append( " Credentials : null" );
>     }
>     else
>     {
>         sb.append( " Credentials : (omitted-for-safety)" );
>     }
> }
> {code}
> This is absolutely wrong...
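A redacting `toString()` for the simple-bind case, with a leak check, as an added example that is not the Directory API's code and not the change committed in r1612859. The class `RedactedBindRequest`, its fields, the sample DN and password, and the hex format used in the check are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

// Hypothetical stand-in for a bind request; not the Directory API's BindRequestImpl.
public class RedactedBindRequest {
    private final String name;
    private final boolean simple;
    private final String mechanism;   // only meaningful for SASL binds
    private final byte[] credentials;

    public RedactedBindRequest(String name, boolean simple, String mechanism, byte[] credentials) {
        this.name = name;
        this.simple = simple;
        this.mechanism = mechanism;
        // Defensive copy so the caller can zero its own array afterwards.
        this.credentials = credentials == null ? null : credentials.clone();
    }

    // One marker for both branches: reveals only whether credentials are present.
    private static String describe(byte[] creds) {
        return creds == null ? "null" : "(omitted-for-safety)";
    }

    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder("    BindRequest\n");
        sb.append("        Name : '").append(name).append("'\n");
        if (simple) {
            sb.append("        Simple authentication : ").append(describe(credentials)).append('\n');
        } else {
            sb.append("        Sasl credentials\n");
            sb.append("            Mechanism : '").append(mechanism).append("'\n");
            sb.append("            Credentials : ").append(describe(credentials)).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        byte[] secret = "s3cr3t-constructed".getBytes(StandardCharsets.UTF_8); // constructed sample
        String dump = new RedactedBindRequest("uid=admin,ou=system", true, null, secret).toString();
        // Regression check: neither the UTF-8 text nor a hex rendering may appear in the dump.
        StringBuilder hex = new StringBuilder();
        for (byte b : secret) {
            hex.append(String.format("0x%02X ", b)); // assumed dump format
        }
        if (dump.contains("s3cr3t-constructed") || dump.contains(hex.toString().trim())) {
            throw new AssertionError("credentials leaked into toString()");
        }
        System.out.print(dump);
    }
}
```

The check in `main` is the part worth carrying into a unit test: it fails if the password reaches the dump in either of the two forms the issue describes (decoded text or byte dump).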