[
https://issues.apache.org/jira/browse/FTPSERVER-120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Niklas Gustavsson reassigned FTPSERVER-120:
-------------------------------------------
Assignee: Niklas Gustavsson
> FtpServer should not log passwords in clear text.
> -------------------------------------------------
>
> Key: FTPSERVER-120
> URL: https://issues.apache.org/jira/browse/FTPSERVER-120
> Project: FtpServer
> Issue Type: Bug
> Reporter: Daniel Abramovich
> Assignee: Niklas Gustavsson
> Priority: Minor
>
> Those log statements are logged by the MINA logging filter and there's
> not much we can do about that one (expect for not including in the
> default setup). We could roll our own logging filter that takes out
> the password. Please file a JIRA ticket and I'll take care of it.
> /niklas
> > Hi,
> >
> >
> >
> > I'd like to make a suggestion that passwords not be logged in clear
> > text. For example:
> >
> >
> >
> > Thu Mar 27 2008 00:06:08,762 EDT INFO
> > org.apache.ftpserver.listener.mina.MinaFtpProtocolHandler -
> > [/10.6.20.226:63995] RECEIVED: PASS admin
> >
> >
> >
> > We find the protocol logging to be useful, but logging of passwords will
> > make security folks unhappy. Perhaps, it could just log ******* or
> > somesuch?
> >
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
