[
https://issues.apache.org/jira/browse/QPID-3763?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13191251#comment-13191251
]
Alex Rudyy commented on QPID-3763:
----------------------------------
Hi Weston,
IMHO, with current implementation seeing 6 '*' characters for a password when
Kerberos (or any other non-password) authentication is used could be a bit
misleading.
I would say that it could be more clear to either
mask each password characters with "*" char and display the exact number of
"*" characters as the number of characters in password
or stop printing password and any password mask characters.
What do you think about it?
> AMQConnectionDelegate_0_10 incorrectly prints password to log file
> ------------------------------------------------------------------
>
> Key: QPID-3763
> URL: https://issues.apache.org/jira/browse/QPID-3763
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Environment: All OS platforms.
> Reporter: Weston M. Price
> Assignee: Weston M. Price
> Priority: Critical
> Fix For: 0.15
>
> Attachments: QPID-3763.patch
>
>
> The AMQConnectionDelegate_0_10 prints password information to the log file.
> This should be replaced with the standard '******' pattern. Also, I think we
> should go through the JMS client and determine if this is being done anywhere
> else.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
