[jira] [Commented] (CXF-6824) Logs output User Password In Plain Text at INFO level

Colm O hEigeartaigh (JIRA) Tue, 08 Mar 2016 07:54:06 -0800

    [ 
https://issues.apache.org/jira/browse/CXF-6824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15185123#comment-15185123
 ]


Colm O hEigeartaigh commented on CXF-6824:
------------------------------------------

Where is it being logged? 

> Logs output User Password In Plain Text at INFO level
> -----------------------------------------------------
>
>                 Key: CXF-6824
>                 URL: https://issues.apache.org/jira/browse/CXF-6824
>             Project: CXF
>          Issue Type: Bug
>          Components: logging
>    Affects Versions: 2.7.16
>         Environment: Windows server, Java 8 and Apache CXF 2.7.16.
>            Reporter: Qi Lu
>
> In a http soap webservice call, the user password was output in plain text in 
> the log at INFO level. This leads to security concerns of the application 
> building on top it. User password is very sensitive information, it should 
> not be at the INFO log level.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CXF-6824) Logs output User Password In Plain Text at INFO level

Reply via email to