[
https://issues.apache.org/jira/browse/QPID-3763?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13191268#comment-13191268
]
Weston M. Price commented on QPID-3763:
---------------------------------------
Hi Alex,
Typically I believe masking never uses the exact number of characters from
the password as this would give an indication of exactly how long the password
is. Also, I believe some form of mask makes sense being that if some form of
password based auth is being used, people would expect to see the standard
'******' printed to the logs.
> AMQConnectionDelegate_0_10 incorrectly prints password to log file
> ------------------------------------------------------------------
>
> Key: QPID-3763
> URL: https://issues.apache.org/jira/browse/QPID-3763
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Environment: All OS platforms.
> Reporter: Weston M. Price
> Assignee: Weston M. Price
> Priority: Critical
> Fix For: 0.15
>
> Attachments: QPID-3763.patch
>
>
> The AMQConnectionDelegate_0_10 prints password information to the log file.
> This should be replaced with the standard '******' pattern. Also, I think we
> should go through the JMS client and determine if this is being done anywhere
> else.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
