Bug 759237 - QpidRAConnectionRequestInfo prints password to logs in toString() method
Summary: QpidRAConnectionRequestInfo prints password to logs in toString() method
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-jca
Version: 2.0
Hardware: All
OS: All
high
high
Target Milestone: 2.1.2
: ---
Assignee: Weston M. Price
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-01 18:33 UTC by Weston M. Price
Modified: 2016-02-22 00:59 UTC (History)
5 users (show)

Fixed In Version: qpid-jca-0.14-3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-17 14:01:37 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Weston M. Price 2011-12-01 18:33:55 UTC 
This is a security hole and should be replaced with the standard ***** pattern
Comment 2 Jiri Pechanec 2012-01-17 12:06:19 UTC 
The same issue is present for
2012-01-17 09:10:55,769 DEBUG [org.apache.qpid.client.AMQConnectionDelegate_0_10:213] (RMI TCP Connection(13)-127.0.0.1) connecting to host: mrg01.mw.lab.eng.bos.redhat.com port: 5672 vhost: test username: guest password: guest
2012-01-17 09:08:35,726 TRACE [org.apache.qpid.ra.QpidResourceAdapter:430] (main) setConnectionURL(amqp://guest:guest@/test?brokerlist='tcp://localhost:5672')
2012-01-17 09:08:35,727 TRACE [org.apache.qpid.ra.ConnectionFactoryProperties:90] (main) setConnectionURL(amqp://guest:guest@/test?brokerlist='tcp://localhost:5672')
Comment 3 Weston M. Price 2012-01-17 14:01:37 UTC 
This is not in the JCA adapter but in the JMS client. 

DEBUG
[org.apache.qpid.client.AMQConnectionDelegate_0_10:213] (RMI TCP
Connection(13)-127.0.0.1) connecting to host: mrg01.mw.lab.eng.bos.redhat.com
port: 5672 vhost: test username: guest password: guest

Note, this is not in the QpidRAConnectionRequestInfo class.

The original bug was for the adapter only. Please close this bug and refile another issue against the JMS client.
Comment 4 Jiri Pechanec 2012-01-17 14:19:24 UTC 
Verified in 0.14-4
Note You need to log in before you can comment on or make changes to this bug.