Keith Wall created QPID-4352:
--------------------------------
Summary: Java client logs key_store_password/trust_store_password
at debug
Key: QPID-4352
URL: https://issues.apache.org/jira/browse/QPID-4352
Project: Qpid
Issue Type: Bug
Components: Java Client
Reporter: Keith Wall
Assignee: Keith Wall
Fix For: 0.19
When run in DEBUG, the Qpid client logs the trust store/key store passwords to
the log. This could present a security issue.
{noformat}
main 2012-09-29 22:32:54,558 DEBUG [apache.qpid.client.AMQConnection]
Connection(1):amqp://guest:********@test/?brokerlist='tcp://localhost:15671?trust_store_password='password'&trust_store='test-profiles/test_resources/ssl/java_client_truststore.jks'&ssl_verify_hostname='true'&ssl='true'&key_store_password='password'&key_store='test-profiles/test_resources/ssl/java_client_keystore.jks''
{noformat}
The code should be changed to mask these passwords in the same fashion as the
client's password. This change was made by QPID-1208.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
