JBoss Cache / JBCACHE-1612

JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.2.8.GA
    • Fix Version/s: 3.2.9.GA
    • Component/s: Cache loaders
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Environment:
      all
    • Workaround Description:
      disable ERROR logging for org.jboss.cache.loader -> not really a good idea
    • Estimated Difficulty:
      Low
    • Steps to Reproduce:
      Code inspection

      Description

      http://anonsvn.jboss.org/repos/jbosscache/core/trunk/src/main/java/org/jboss/cache/loader/NonManagedConnectionFactory.java

      088 public Connection getConnection()
      089 {
      ......
      099 catch (SQLException e)
      100 {
      101 reportAndRethrowError("Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd, e);

      So upon a connection error, the user/password will end up in the logfile in clear text
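
      The pattern described above, next to one way to avoid it, as an added example (not code from the issue, the reporter, or JBoss Cache). The class name, method names, sample values and the URL parameter names being masked are assumptions, and it goes beyond the quoted line by also scrubbing passwords embedded in the JDBC URL and in the driver's own error text:

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.regex.Pattern;

// Added illustration: class and method names are hypothetical, not JBoss Cache code.
public class ConnectionErrorLogging {
    // Password-like parameters inside a JDBC URL (parameter names are an assumption).
    private static final Pattern URL_SECRET = Pattern.compile("(?i)((?:password|pwd)=)[^&;\\s]*");

    static String scrub(String text) {
        return text == null ? null : URL_SECRET.matcher(text).replaceAll("$1****");
    }

    // Before: same concatenation as the line quoted in the issue; the secret reaches the log.
    static String leakyMessage(String url, String usr, String pwd) {
        return "Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd;
    }

    // After: the password value is never concatenated, and the URL is scrubbed.
    static String safeMessage(String url, String usr, String pwd) {
        String state = (pwd == null || pwd.isEmpty()) ? "<not set>" : "<redacted>";
        return "Failed to get connection for url=" + scrub(url) + ", user=" + usr + ", password=" + state;
    }

    static Connection getConnection(String url, String usr, String pwd) {
        try {
            return DriverManager.getConnection(url, usr, pwd);
        } catch (SQLException e) {
            // The driver's own message can repeat the URL, so scrub it before chaining.
            SQLException cause = new SQLException(scrub(e.getMessage()), e.getSQLState(), e.getErrorCode());
            cause.setStackTrace(e.getStackTrace());
            throw new IllegalStateException(safeMessage(url, usr, pwd), cause);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; no driver handles this URL, so the connect attempt fails.
        String url = "jdbc:example://db.invalid/cache?password=s3cr3t&ssl=true";
        System.out.println("before: " + leakyMessage(url, "cacheuser", "s3cr3t"));
        try {
            getConnection(url, "cacheuser", "s3cr3t");
        } catch (IllegalStateException e) {
            System.out.println("after:  " + e.getMessage());
            System.out.println("cause:  " + e.getCause().getMessage());
        }
    }
}
```

      Log files written before such a change still hold the credentials, so rotating the database password and restricting access to the old logs are part of the cleanup.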

          Activity

          Tom Fonteyne
          added a comment -

          fixed in trunk, will be backported to actual customer versions

            People

            • Assignee:
              Tom Fonteyne
              Reporter:
              Tom Fonteyne
            • Votes:
              0
              Watchers:
              3
