FtpServer should not log passwords in clear text.
-------------------------------------------------
Key: FTPSERVER-120
URL: https://issues.apache.org/jira/browse/FTPSERVER-120
Project: FtpServer
Issue Type: Bug
Reporter: Daniel Abramovich
Priority: Minor
Those log statements are logged by the MINA logging filter and there's
not much we can do about that one (expect for not including in the
default setup). We could roll our own logging filter that takes out
the password. Please file a JIRA ticket and I'll take care of it.
/niklas
> Hi,
>
>
>
> I'd like to make a suggestion that passwords not be logged in clear
> text. For example:
>
>
>
> Thu Mar 27 2008 00:06:08,762 EDT INFO
> org.apache.ftpserver.listener.mina.MinaFtpProtocolHandler -
> [/10.6.20.226:63995] RECEIVED: PASS admin
>
>
>
> We find the protocol logging to be useful, but logging of passwords will
> make security folks unhappy. Perhaps, it could just log ******* or
> somesuch?
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
