[
https://issues.apache.org/jira/browse/VFS-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joerg Schaible resolved VFS-169.
--------------------------------
Resolution: Fixed
Fix Version/s: 2.0
My original concern have been only the URLs in the FileSystemException. That's
what I've committed now - the info passed to the exception will be examined for
URLs with password and passwords will be masked automatically. However, Frank's
approach and patch is also reasonable - it depends on what we want. Main
concern with his solution is the overridden toString method of the
GenericFileName, because it changes silently the API. This method is normally
inherited from AbstractFileName and the Javadoc states explicitly that toString
is a call to getURI. Now, since we seem to head for 2.0 with the next release
anyway, we might consider such a change. But in this case I would rather change
AbstractFileName's toString method and call getFriendlyURI there as default.
Please comment, if we decide to take the friendly URI approach, we will reopen
this issue.
> Thrown exception reveals passwords
> ----------------------------------
>
> Key: VFS-169
> URL: https://issues.apache.org/jira/browse/VFS-169
> Project: Commons VFS
> Issue Type: Bug
> Affects Versions: 1.0
> Reporter: Joerg Schaible
> Assignee: Joerg Schaible
> Fix For: 2.0
>
> Attachments: vfs-pwd.patch
>
>
> If an exception occurs accessing a FileObject on a FileSystem that is
> addressed with an URL containing user and password the thrown exception
> contains the password as part of the error message:
> org.apache.commons.vfs.FileSystemException: Could not connect to SFTP server
> at "sftp://user:[email protected]/";.
> In such a case the URL should be printed as "sftp://user:*[email protected]/";.
> Same applied to log messages - at least for INFO and higher.
> This is a security risk, since in big companies exceptions and logs are
> normally collected and archived in monitoring systems and may reveal the
> password to persons that have normally no authorization to the target system.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
