Lorenz Quack created QPID-7289:
----------------------------------
Summary: [Java Broker] SASL challenges and response should be
masked in the log file
Key: QPID-7289
URL: https://issues.apache.org/jira/browse/QPID-7289
Project: Qpid
Issue Type: Bug
Components: Java Broker
Affects Versions: qpid-java-6.0.3, qpid-java-6.0, qpid-java-6.1
Reporter: Lorenz Quack
The broker logs the SAL negotiation at DEBUG level. This includes the
challenges and response going between the client and the broker.
These contain potentially sensitive information (e.g., user credentials) and
should therefore be masked.
On AMQP 0-9 they are masked.
On AMQP 0-10 they are not masked.
I did not test 1.0
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
