[
https://issues.apache.org/jira/browse/KARAF-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14348744#comment-14348744
]
ASF GitHub Bot commented on KARAF-3590:
---------------------------------------
GitHub user chirino opened a pull request:
https://github.com/apache/karaf/pull/56
KARAF-3590: Don't log Passwords in clear text
* Bundles can now register CommandLoggingFilter objects in the OSGi
registry to get a chance to filter out sensitve data data from logs before the
logging happens.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/chirino/karaf KARAF-3590
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/karaf/pull/56.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #56
----
commit 2e1628b8b7c3126cf61b2fa5b52c47a941dd7087
Author: Hiram Chirino <[email protected]>
Date: 2015-03-05T13:38:00Z
KARAF-3590: Don't log Passwords in clear text
* Bundles can now register CommandLoggingFilter objects in the OSGi
registry to get a chance to filter out sensitve data data from logs before the
logging happens.
----
> Don't log Passwords in clear text
> ---------------------------------
>
> Key: KARAF-3590
> URL: https://issues.apache.org/jira/browse/KARAF-3590
> Project: Karaf
> Issue Type: Improvement
> Reporter: Hiram Chirino
> Assignee: Hiram Chirino
> Fix For: 4.0.0
>
>
> If you enabled debug logging, shell commands get log. Including any password
> arguments. This can be considered a bad thing.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
