Keith Wall created QPID-6724:
--------------------------------
Summary: Stop writing all usernames within an external password
data to the log
Key: QPID-6724
URL: https://issues.apache.org/jira/browse/QPID-6724
Project: Qpid
Issue Type: Bug
Components: Java Broker
Reporter: Keith Wall
Priority: Minor
Currently the Java Broker on start-up, if using an PlainPasswordFile or
Base64MD5PasswordFile authentication provider, the names of all users contained
within the password database are logged at INFO to the log. Even though their
passwords are not revealed, this seems dubious: it could still assist a a
malicious person successfully compromise an account.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
