[jira] [Commented] (KARAF-3590) Don't log Passwords in clear text

Hiram Chirino (JIRA) Thu, 05 Mar 2015 05:58:57 -0800

    [ 
https://issues.apache.org/jira/browse/KARAF-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14348745#comment-14348745
 ]


Hiram Chirino commented on KARAF-3590:
--------------------------------------

Created a pull request with initial impl at:
https://github.com/apache/karaf/pull/56

It uses pluggable regex filters to scrub out passwords before logging them.  
Don't have regexes implemented for ALL commands that hold passwords yet.

> Don't log Passwords in clear text
> ---------------------------------
>
>                 Key: KARAF-3590
>                 URL: https://issues.apache.org/jira/browse/KARAF-3590
>             Project: Karaf
>          Issue Type: Improvement
>            Reporter: Hiram Chirino
>            Assignee: Hiram Chirino
>             Fix For: 4.0.0
>
>
> If you enabled debug logging, shell commands get log.  Including any password 
> arguments.  This can be considered a bad thing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (KARAF-3590) Don't log Passwords in clear text

Reply via email to