Bug 759237

Summary: QpidRAConnectionRequestInfo prints password to logs in toString() method
Product: Red Hat Enterprise MRG Reporter: Weston M. Price <wprice>
Component: qpid-jcaAssignee: Weston M. Price <wprice>
Status: CLOSED CURRENTRELEASE QA Contact: MRG Quality Engineering <mrgqe-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 2.0CC: cdewolf, iboverma, jpechane, jross, tross
Target Milestone: 2.1.2Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: qpid-jca-0.14-3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-01-17 14:01:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Weston M. Price 2011-12-01 18:33:55 UTC 
This is a security hole and should be replaced with the standard ***** pattern
Comment 2 Jiri Pechanec 2012-01-17 12:06:19 UTC 
The same issue is present for
2012-01-17 09:10:55,769 DEBUG [org.apache.qpid.client.AMQConnectionDelegate_0_10:213] (RMI TCP Connection(13)-127.0.0.1) connecting to host: mrg01.mw.lab.eng.bos.redhat.com port: 5672 vhost: test username: guest password: guest
2012-01-17 09:08:35,726 TRACE [org.apache.qpid.ra.QpidResourceAdapter:430] (main) setConnectionURL(amqp://guest:guest@/test?brokerlist='tcp://localhost:5672')
2012-01-17 09:08:35,727 TRACE [org.apache.qpid.ra.ConnectionFactoryProperties:90] (main) setConnectionURL(amqp://guest:guest@/test?brokerlist='tcp://localhost:5672')
Comment 3 Weston M. Price 2012-01-17 14:01:37 UTC 
This is not in the JCA adapter but in the JMS client. 

DEBUG
[org.apache.qpid.client.AMQConnectionDelegate_0_10:213] (RMI TCP
Connection(13)-127.0.0.1) connecting to host: mrg01.mw.lab.eng.bos.redhat.com
port: 5672 vhost: test username: guest password: guest

Note, this is not in the QpidRAConnectionRequestInfo class.

The original bug was for the adapter only. Please close this bug and refile another issue against the JMS client.
Comment 4 Jiri Pechanec 2012-01-17 14:19:24 UTC 
Verified in 0.14-4