JBoss Cache / JBCACHE-1612

JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.2.8.GA
    • Fix Version/s: 3.2.9.GA
    • Component/s: Cache loaders
    • Labels:
      None
    • Environment:
      all
    • Workaround Description:
      disable ERROR logging for org.jboss.cache.loader
      -> not really a good idea
    • Estimated Difficulty:
      Low
    • Steps to Reproduce:
      Code inspection

      Description

      http://anonsvn.jboss.org/repos/jbosscache/core/trunk/src/main/java/org/jboss/cache/loader/NonManagedConnectionFactory.java

      public Connection getConnection()
      {
         ......
         catch (SQLException e)
         {
            reportAndRethrowError("Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd, e);

      So upon a connection error, the user/password will end up in the logfile in clear text
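
The logging pattern from the description next to a message that leaves the password out, as an added example rather than the JBoss Cache code or the fix committed to trunk. The class and method names and the sample URL and credentials are assumptions constructed for illustration; the example also masks password parameters embedded in the JDBC URL, which goes beyond the single line quoted above.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.regex.Pattern;

// Added example: hypothetical class, not JBoss Cache's NonManagedConnectionFactory.
public class RedactedConnectionErrors {

    // Password-like parameters inside a JDBC URL, e.g. "?password=x" or ";pwd=x".
    private static final Pattern URL_SECRET =
            Pattern.compile("(?i)\\b(password|pwd)=[^&;]*");

    static String redactUrl(String url) {
        return url == null ? null : URL_SECRET.matcher(url).replaceAll("$1=***");
    }

    // Before: the message format from the description; the password reaches the log.
    static String leakyMessage(String url, String usr, String pwd) {
        return "Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd;
    }

    // After: the password is not a parameter at all, and URL-embedded secrets are masked.
    static String safeMessage(String url, String usr) {
        return "Failed to get connection for url=" + redactUrl(url) + ", user=" + usr;
    }

    static Connection getConnection(String url, String usr, String pwd) {
        try {
            return DriverManager.getConnection(url, usr, pwd);
        } catch (SQLException e) {
            // The cause is chained unchanged; a driver's own message may repeat
            // the URL, so check what gets logged along with the stack trace.
            throw new IllegalStateException(safeMessage(url, usr), e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; no driver handles this URL, so the call fails.
        String url = "jdbc:example://db.internal:5432/cache?password=urlSecret&ssl=true";
        System.out.println("before: " + leakyMessage(url, "cacheuser", "s3cret"));
        try {
            getConnection(url, "cacheuser", "s3cret");
        } catch (IllegalStateException e) {
            System.out.println("after:  " + e.getMessage());
        }
    }
}
```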

            Activity

            Tom Fonteyne added a comment -

            fixed in trunk, will be backported to actual customer versions

              People

              • Assignee:
                Tom Fonteyne
                Reporter:
                Tom Fonteyne
              • Votes:
                0
                Watchers:
                3