[
https://issues.apache.org/jira/browse/GROOVY-8068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15856790#comment-15856790
]
ASF GitHub Bot commented on GROOVY-8068:
----------------------------------------
Github user paulk-asert commented on a diff in the pull request:
https://github.com/apache/groovy/pull/491#discussion_r99928551
--- Diff: subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java ---
@@ -578,17 +578,26 @@ public static Sql newInstance(Map<String, Object>
args) throws SQLException, Cla
Object url = sqlArgs.remove("url");
Connection connection;
+ LOG.fine("url = " + url);
if (props != null) {
- System.err.println("url = " + url);
- System.err.println("props = " + props);
- connection = DriverManager.getConnection(url.toString(), new
Properties(props));
+ Properties propsCopy = new Properties(props);
+ connection = DriverManager.getConnection(url.toString(),
propsCopy);
+ if (propsCopy.containsKey("password")) {
+ // don't log the password
+ propsCopy = new Properties(propsCopy);
--- End diff --
It is certainly conservative code. I didn't want the password appearing in
logging and I didn't know whether any drivers out there might hold onto the
properties object and re-use it when e.g. growing a connection pool or
something.
> improper logging in groovy.sql.Sql
> ----------------------------------
>
> Key: GROOVY-8068
> URL: https://issues.apache.org/jira/browse/GROOVY-8068
> Project: Groovy
> Issue Type: Bug
> Components: groovy-runtime
> Affects Versions: 2.4.8
> Environment: groovy-all-2.4.8-indy.jar
> Reporter: Frank Limpert
> Assignee: Paul King
> Priority: Minor
>
> In groovy.sql.Sql.newInstance(Map<String, Object>), there are two
> System.err.println() statements left. One of these prints the password of the
> connection to be created among other info. Convert these statements to proper
> log output.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
