FUSE Message Broker
  1. FUSE Message Broker
  2. MB-840

Stomp message frames are logged by default containing the username and password

    Details

    • Type: Bug Bug
    • Status: Resolved Resolved
    • Priority: Major Major
    • Resolution: Done
    • Affects Version/s: 5.4.2-fuse-02-00
    • Fix Version/s: 5.5.0-fuse-00-00
    • Component/s: broker
    • Labels:
      None
    • Similar Issues:
      Show 10 results 

      Description

      Hi,

      There's been a bit of work in this area as of late MB-824 and MB-833. All is good with these bugs, however, when a bad password is sent the activemq log prints the following warning messages:

      22011-03-18 09:38:30,634 [38.171.43:40701] WARN TransportConnection - Failed to add Connection ID:gridmsg006.cern.ch-38456-1300437460886-2:3, reason: java.lang.SecurityException: User name or password is invalid.
      2011-03-18 09:38:30,634 [38.171.43:40701] WARN ProtocolConverter - Exception occurred processing:
      CONNECT
      host:gridmsg006
      accept-version:1.0,1.1
      passcode:bar
      login:foo
      
      : java.lang.SecurityException: User name or password is invalid.
      2011-03-18 09:38:30,636 [38.171.43:40701] INFO Transport - Transport failed: java.io.IOException: User name or password is invalid.
      
      

      I was able to see this here starting a secure broker (same as MB-824) and using the STOMP example we ship with bum password.
      Is it possible to star that out or make it configurable if it is printed. I tinkered around with the settings for:

      log4j.logger.org.apache.activemq.transport.stomp=TRACE, stomp
      

      But even on INFO this gets printed.

      Thanks,

      Susan

        Activity

        Hide
        Gary Tully
        added a comment -

        passcode now masked on trunk, will be in 5.5

        Show
        Gary Tully
        added a comment - passcode now masked on trunk, will be in 5.5

          People

          • Assignee:
            Gary Tully
            Reporter:
            Susan Javurek
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: