[jira] [Commented] (KARAF-3590) Don't log Passwords in clear text
[ https://issues.apache.org/jira/browse/KARAF-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14708120#comment-14708120 ]

ASF GitHub Bot commented on KARAF-3590:
---

Github user chirino closed the pull request at:

    https://github.com/apache/karaf/pull/56

Don't log Passwords in clear text

Key: KARAF-3590
URL: https://issues.apache.org/jira/browse/KARAF-3590
Project: Karaf
Issue Type: Improvement
Reporter: Hiram Chirino
Assignee: Guillaume Nodet
Fix For: 4.0.0.M3

If you enabled debug logging, shell commands get logged, including any password arguments. This can be considered a bad thing.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)

[jira] [Commented] (KARAF-3590) Don't log Passwords in clear text
[ https://issues.apache.org/jira/browse/KARAF-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14348745#comment-14348745 ]

Hiram Chirino commented on KARAF-3590:
--

Created a pull request with initial impl at: https://github.com/apache/karaf/pull/56

It uses pluggable regex filters to scrub out passwords before logging them. Don't have regexes implemented for ALL commands that hold passwords yet.

Don't log Passwords in clear text

Key: KARAF-3590
URL: https://issues.apache.org/jira/browse/KARAF-3590
Project: Karaf
Issue Type: Improvement
Reporter: Hiram Chirino
Assignee: Hiram Chirino
Fix For: 4.0.0

If you enabled debug logging, shell commands get logged, including any password arguments. This can be considered a bad thing.

[jira] [Commented] (KARAF-3590) Don't log Passwords in clear text
[ https://issues.apache.org/jira/browse/KARAF-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14348744#comment-14348744 ]

ASF GitHub Bot commented on KARAF-3590:
---

GitHub user chirino opened a pull request:

    https://github.com/apache/karaf/pull/56

    KARAF-3590: Don't log Passwords in clear text

    * Bundles can now register CommandLoggingFilter objects in the OSGi registry to get a chance to filter out sensitive data from logs before the logging happens.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/chirino/karaf KARAF-3590

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/karaf/pull/56.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #56

commit 2e1628b8b7c3126cf61b2fa5b52c47a941dd7087
Author: Hiram Chirino hi...@hiramchirino.com
Date: 2015-03-05T13:38:00Z

    KARAF-3590: Don't log Passwords in clear text

    * Bundles can now register CommandLoggingFilter objects in the OSGi registry to get a chance to filter out sensitive data from logs before the logging happens.
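
The pluggable regex scrubbing described in the messages above, as an added example that is not the code from pull request #56 or from Karaf. The LoggingFilter interface, the RegexFilter class, the demo:* command names and both patterns are assumptions made for illustration.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class ScrubDemo {
    // Hypothetical stand-in for a pluggable filter; not Karaf's own interface.
    interface LoggingFilter {
        CharSequence filter(CharSequence command);
    }

    // Replaces one capture group of every match with a fixed-width mask (hides secret and its length).
    static final class RegexFilter implements LoggingFilter {
        private final Pattern pattern;
        private final int group;
        RegexFilter(String regex, int group) {
            this.pattern = Pattern.compile(regex);
            this.group = group;
        }
        @Override
        public CharSequence filter(CharSequence command) {
            Matcher m = pattern.matcher(command);
            StringBuilder out = new StringBuilder();
            int last = 0;
            while (m.find()) {
                out.append(command, last, m.start(group)).append("*****");
                last = m.end(group);
            }
            return out.append(command, last, command.length());
        }
    }

    // Every registered filter sees the command before the logger does.
    static String scrub(List<LoggingFilter> filters, String command) {
        CharSequence c = command;
        for (LoggingFilter f : filters) c = f.filter(c);
        return c.toString();
    }

    public static void main(String[] args) {
        List<LoggingFilter> filters = List.of( // constructed rules
            new RegexFilter("(?:^|\\s)(?:-p|--password)[ =]+(\"[^\"]*\"|\\S+)", 1),
            new RegexFilter("^\\s*demo:user-add\\s+\\S+\\s+(\\S+)", 1));
        String[] samples = { // constructed commands; demo:* names are hypothetical
            "demo:connect -u admin -p s3cret host1",
            "demo:connect --password=\"two words\" host1",
            "demo:user-add alice hunter2",
            "demo:login alice hunter2" }; // no rule matches: logged unchanged
        for (String s : samples) System.out.println(scrub(filters, s));
    }
}
```

The last sample is logged unchanged because no rule covers it, which is the gap the comment about not yet having regexes for all commands refers to.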