[
https://issues.apache.org/jira/browse/QPID-8135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16443926#comment-16443926
]
Keith Wall commented on QPID-8135:
----------------------------------
Changes at
[bcb5f70|https://git-wip-us.apache.org/repos/asf?p=qpid-jms-amqp-0-x.git;h=bcb5f70]
looked reasonable to me.
> [JMS AMQP 0-x] Connection URL options for end-to-end encryption
> keystore/trustore passwords can be logged when log level for
> 'org.apache.qpid' loggers is lower than 'warn'
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8135
> URL: https://issues.apache.org/jira/browse/QPID-8135
> Project: Qpid
> Issue Type: Bug
> Components: JMS AMQP 0-x
> Affects Versions: qpid-java-client-0-x-6.3.0
> Reporter: Alex Rudyy
> Assignee: Keith Wall
> Priority: Major
> Fix For: qpid-java-client-0-x-6.3.1
>
>
> The connection URL password options can be logged when the log level for
> 'org.apache.qpid' loggers is lower than 'warn'.
> The following cases are identified when the password is logged:
> # when encryption keystore/truststore parameters are declared as part of
> the broker URL, the 'org.apache.qpid' loggers log level is set to 'info' or
> lower threshold and connectivity is not established, the
> encryption_key_store_password or encryption_trust_store_password can be
> logged with info log level as below:
> {noformat}
> 2018-03-16 12:56:02,196 INFO [main] o.a.q.c.AMQConnection Unable to connect
> to broker at
> tcp://localhost:5672?encryption_trust_store='/path/to/trustore.jks'&encryption_trust_store_password='password'
> org.apache.qpid.transport.TransportException: Error connecting to broker
> at
> org.apache.qpid.transport.network.io.IoNetworkTransport.connectTcp(IoNetworkTransport.java:151)
> ...
> 2018-03-16 12:56:02,196 INFO [main] o.a.q.j.f.FailoverRoundRobinServers ====
> Checking failoverAllowed() ====
> 2018-03-16 12:56:02,197 INFO [main] o.a.q.j.f.FailoverRoundRobinServers
> Cycle Servers:
> Cycle Retries:20
> Current Cycle:20
> Server Retries:0
> Current Retry:0
> Current Broker:0
> >tcp://localhost:5672?encryption_trust_store='/path/to/trsutsore.jks'&encryption_trust_store_password='password'
> {noformat}
> # when encryption keystore/truststore parameters and/or SSL trust store
> parameters and/or SSL client-auth parameters are declared as part of the
> connection URL and the 'org.apache.qpid' loggers log level is set to 'debug' or
> lower threshold, the password options can be logged with DEBUG log level as
> below:
> {noformat}
> 2018-03-16 13:03:20,879 DEBUG [main] o.a.q.c.AMQConnection
> Connection(1):amqp://admin:********@consumer/?encryption_trust_store='/path/to/keystore.jks'&trust_store='/path/to/trsustore.ts'&key_store_password='secret'&encryption_trust_store_password='password'&key_store='/path/to/keystore.ks'&trust_store_password='secret'&brokerlist='tcp://localhost:5672'&failover='roundrobin?cyclecount='20''
> {noformat}
> The workaround for the issue would be to set debug log level to warn at
> least for the following loggers:
> * org.apache.qpid.client.AMQConnection
> * org.apache.qpid.jms.failover.FailoverRoundRobinServers
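
One way to keep the password options described in this report out of log output is to mask them before the URL string reaches a logger. The following is an added example, not the change made in bcb5f70 and not Qpid code; the class ConnectionUrlRedactor and its redact method are hypothetical names, and the sample URLs are constructed from the ones quoted in the report.

```java
import java.util.List;
import java.util.regex.Pattern;

public class ConnectionUrlRedactor {  // hypothetical helper, not a Qpid class

    // Matches any option whose name ends in "password" (key_store_password,
    // trust_store_password, encryption_*_password) plus its value, quoted or bare.
    // Assumption: a quoted value contains no single quote of its own.
    private static final Pattern PASSWORD_OPTION = Pattern.compile(
            "(?i)(\\w*password\\s*=\\s*)(?:'[^']*'|[^&;'\\s]*)");

    private static final String MASK = "'********'";

    /** Returns a copy of the URL that is safe to pass to a logger. */
    static String redact(String url) {
        if (url == null) {
            return null;
        }
        // $1 keeps the option name and '=', only the value is replaced.
        return PASSWORD_OPTION.matcher(url).replaceAll("$1" + MASK);
    }

    public static void main(String[] args) {
        // Constructed inputs modelled on the URLs in the report above,
        // including a value containing '&' and a nested brokerlist option.
        List<String> urls = List.of(
            "tcp://localhost:5672?encryption_trust_store='/path/to/trustore.jks'"
                + "&encryption_trust_store_password='password'",
            "amqp://admin:********@consumer/?key_store_password='secret'"
                + "&key_store='/path/to/keystore.ks'&trust_store_password='s&cret'"
                + "&brokerlist='tcp://localhost:5672?encryption_key_store_password='password''");
        for (String url : urls) {
            String safe = redact(url);
            // Fail loudly if any constructed secret is still present.
            if (safe.contains("'password'") || safe.contains("secret")
                    || safe.contains("s&cret")) {
                throw new IllegalStateException("secret survived redaction: " + safe);
            }
            System.out.println(safe);
        }
    }
}
```

Store paths and other options are left readable so the log line stays useful for diagnosing connection failures; only the values of options ending in "password" are replaced.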