[
https://issues.apache.org/jira/browse/DBCP-519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16583054#comment-16583054
]
Gary Gregory commented on DBCP-519:
-----------------------------------
Hi [~psteitz],
Thank you for your review.
{quote}
usernames are generally also considered security credentials so if these are
not already exposed, it would probably be good to omit them (i.e. they should
be looked at as like passwords). That does make the per user pool tostrings
less useful though.
{quote}
I've removed user names from:
- org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
- org.apache.commons.dbcp2.datasources.CPDSConnectionFactory
- org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (which now
inherits its toString())
I've left as is org.apache.commons.dbcp2.datasources.UserPassKey which used to
print out both its user and password and now only shows its user. Do you think
it should just get its toString() from Object?
{quote}
> Add some toString() methods for debugging (never printing passwords)
> --------------------------------------------------------------------
>
> Key: DBCP-519
> URL: https://issues.apache.org/jira/browse/DBCP-519
> Project: Commons DBCP
> Issue Type: Improvement
> Reporter: Gary Gregory
> Assignee: Gary Gregory
> Priority: Major
> Fix For: 2.6.0
>
>
> Add some toString() methods for debugging never printing passwords:
> * org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
> * org.apache.commons.dbcp2.cpdsadapter.PooledConnectionImpl
> * org.apache.commons.dbcp2.datasources.CPDSConnectionFactory
> * org.apache.commons.dbcp2.datasources.InstanceKeyDataSource
> * org.apache.commons.dbcp2.datasources.PerUserPoolDataSource
> * org.apache.commons.dbcp2.datasources.SharedPoolDataSource
> * org.apache.commons.dbcp2.datasources.UserPassKey (updated not to print
> passwords even though it was a char[] reference.)
> I went YAGNI here and only added what I needed.
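An added example, not DBCP source code: a hypothetical `PoolKey` class showing how a `char[]` password can still end up in debug output through `StringBuilder.append(char[])`, next to a `toString()` that omits both the user name and the password while `equals()`/`hashCode()` keep using them. The class name, field names and sample values are assumptions made for illustration.

```java
import java.util.Arrays;

// Hypothetical pool key for illustration; not the DBCP UserPassKey source.
public class RedactedKeyDemo {

    static final class PoolKey {
        private final String user;
        private final char[] password;

        PoolKey(String user, char[] password) {
            this.user = user;
            this.password = password.clone(); // defensive copy
        }

        // Leaky variant: StringBuilder.append(char[]) writes the characters
        // themselves, unlike "..." + password, which yields "[C@<hash>".
        String leakyToString() {
            StringBuilder sb = new StringBuilder("PoolKey [user=");
            sb.append(user).append(", password=");
            sb.append(password);
            return sb.append(']').toString();
        }

        // Credentials still take part in equality, so the key works in maps.
        @Override
        public boolean equals(Object o) {
            if (!(o instanceof PoolKey)) return false;
            PoolKey other = (PoolKey) o;
            return user.equals(other.user) && Arrays.equals(password, other.password);
        }

        @Override
        public int hashCode() {
            return 31 * user.hashCode() + Arrays.hashCode(password);
        }

        // Debug-safe: type plus identity hash, no user name, no password.
        @Override
        public String toString() {
            return getClass().getSimpleName() + '@'
                    + Integer.toHexString(System.identityHashCode(this));
        }
    }

    public static void main(String[] args) {
        // Constructed sample credentials.
        PoolKey key = new PoolKey("app_user", "constructed-secret".toCharArray());
        System.out.println(key.leakyToString()); // shows what a careless append exposes
        System.out.println("key=" + key);        // safe to log
        String s = key.toString();
        if (s.contains("app_user") || s.contains("constructed-secret")) {
            throw new AssertionError("toString() exposes credentials");
        }
    }
}
```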