[
https://issues.apache.org/jira/browse/QPID-7289?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-7289:
-----------------------------
Description:
The broker logs the SASL negotiation at DEBUG level. This includes the
challenges and response going between the client and the broker.
These contain potentially sensitive information (e.g., user credentials) and
should therefore be masked.
On AMQP 0-9 they are masked.
On AMQP 0-10 they are not masked.
I did not test 1.0
was:
The broker logs the SAL negotiation at DEBUG level. This includes the
challenges and response going between the client and the broker.
These contain potentially sensitive information (e.g., user credentials) and
should therefore be masked.
On AMQP 0-9 they are masked.
On AMQP 0-10 they are not masked.
I did not test 1.0
> [Java Broker] SASL challenges and response should be masked in the log file
> ---------------------------------------------------------------------------
>
> Key: QPID-7289
> URL: https://issues.apache.org/jira/browse/QPID-7289
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: qpid-java-6.0, qpid-java-6.0.3, qpid-java-6.1
> Reporter: Lorenz Quack
> Fix For: qpid-java-6.2
>
>
> The broker logs the SASL negotiation at DEBUG level. This includes the
> challenges and response going between the client and the broker.
> These contain potentially sensitive information (e.g., user credentials) and
> should therefore be masked.
> On AMQP 0-9 they are masked.
> On AMQP 0-10 they are not masked.
> I did not test 1.0
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
