JBoss Cache / JBCACHE-1612

JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.2.8.GA
    • Fix Version/s: 3.2.9.GA
    • Component/s: Cache loaders
    • Labels:
      None
    • Environment:

      all

    • Steps to Reproduce:
      Code inspection
    • Workaround Description:
      disable ERROR logging for org.jboss.cache.loader -> not really a good idea
    • Estimated Difficulty:
      Low

      Description

      http://anonsvn.jboss.org/repos/jbosscache/core/trunk/src/main/java/org/jboss/cache/loader/NonManagedConnectionFactory.java

      public Connection getConnection()
      {
         ......
         catch (SQLException e)
         {
            reportAndRethrowError("Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd, e);

      So upon a connection error, the user/password will end up in the logfile in clear text.
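One way to keep the secret out of the failure message, as an added example that is not JBoss Cache code and is not taken from the 3.2.9.GA fix. The class name, the `describe` helper and the sample URL are hypothetical; the field names `url`, `usr` and `pwd` follow the excerpt above.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; hypothetical class, not part of JBoss Cache.
public class RedactedConnectionFactory {
    private static final Logger LOG =
        Logger.getLogger(RedactedConnectionFactory.class.getName());

    private final String url;
    private final String usr;
    private final String pwd;

    public RedactedConnectionFactory(String url, String usr, String pwd) {
        this.url = url;
        this.usr = usr;
        this.pwd = pwd;
    }

    // Error text is built from non-secret fields only. A JDBC URL can carry
    // credentials as well (userinfo or a password= parameter), so mask those.
    static String describe(String url, String usr) {
        String safeUrl = url
            .replaceAll("(?i)(password|pwd)=[^&;]*", "$1=****")
            .replaceAll("//[^/@]+@", "//****@");
        return "Failed to get connection for url=" + safeUrl + ", user=" + usr;
    }

    public Connection getConnection() {
        try {
            return DriverManager.getConnection(url, usr, pwd);
        } catch (SQLException e) {
            // e is logged as the cause; driver messages may echo the raw URL,
            // so credentials are best kept out of the URL altogether.
            String msg = describe(url, usr);
            LOG.log(Level.SEVERE, msg, e);
            throw new IllegalStateException(msg, e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not from the issue.
        System.out.println(
            describe("jdbc:example://dbhost/cache?password=s3cret", "cacheuser"));
    }
}
```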

                People

                • Assignee:
                  tfonteyn Tom Fonteyne
                  Reporter:
                  tfonteyn Tom Fonteyne
                • Votes:
                  0
                  Watchers:
                  3
