Hi,

When going through the "SecretResolver" class's source code [1], I noticed that in the method "public String resolve(String encryptedPassword, String prompt)", at the end, it is logging both the encrypted and the final unencrypted clear text value in a log.info() call. I guess we should not be logging this kind of information, or is this intended behaviour?

[1] https://svn.wso2.org/repos/wso2/branches/carbon/3.1.0/dependencies/synapse/modules/securevault/src/main/java/org/apache/synapse/securevault/SecretResolver.java

Cheers,
Anjana.

--
Anjana Fernando
Software Engineer
WSO2, Inc.; http://wso2.com
lean.enterprise.middleware

_______________________________________________
Carbon-dev mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
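
The concern raised in the message above, as an added example that is not part of the original message and is not the Synapse SecretResolver code: a hypothetical resolver that logs both values at INFO, beside a variant that logs only the event, with an in-memory log handler that checks whether either value reached the log. Base64 decoding stands in for the real decryption step, the sample secret is constructed, and every class and method name here is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.function.UnaryOperator;
import java.util.logging.*;

// Hypothetical stand-in for a secret resolver; NOT the Synapse SecretResolver code.
public class SecretLogLeakDemo {
    private static final Logger log = Logger.getLogger("demo.resolver");

    // Assumption: Base64 decoding stands in for the real decryption step.
    static String decrypt(String encrypted) {
        return new String(Base64.getDecoder().decode(encrypted), StandardCharsets.UTF_8);
    }

    // Pattern described in the message: encrypted and clear text values both logged at INFO.
    static String resolveLeaky(String encryptedPassword) {
        String clear = decrypt(encryptedPassword);
        log.info("Resolved " + encryptedPassword + " to " + clear);
        return clear;
    }

    // Hardened form: record that a secret was resolved, never either value.
    static String resolveSafe(String encryptedPassword) {
        log.info("Secret resolved successfully");
        return decrypt(encryptedPassword);
    }

    // In-memory handler so the check can inspect exactly what was logged.
    static class Capture extends Handler {
        final List<String> lines = new ArrayList<>();
        @Override public void publish(LogRecord r) { lines.add(r.getMessage()); }
        @Override public void flush() {} @Override public void close() {}
    }
    // Runs one resolver under a fresh capture handler; true if a log line contains either value.
    static boolean leaks(UnaryOperator<String> resolver, String enc, String clear) {
        Capture c = new Capture();
        log.addHandler(c);
        resolver.apply(enc);
        log.removeHandler(c);
        return c.lines.stream().anyMatch(l -> l.contains(enc) || l.contains(clear));
    }

    public static void main(String[] args) {
        log.setUseParentHandlers(false); // keep the sample secret off the console
        String clear = "constructed-sample-secret"; // constructed value, not a real credential
        String enc = Base64.getEncoder().encodeToString(clear.getBytes(StandardCharsets.UTF_8));
        System.out.println("leaky variant logs a secret value: " + leaks(SecretLogLeakDemo::resolveLeaky, enc, clear));
        System.out.println("safe variant logs a secret value:  " + leaks(SecretLogLeakDemo::resolveSafe, enc, clear));
    }
}
```

The `leaks` helper can be reused as a regression check in a unit test, asserting that no resolver code path writes a secret value to any handler.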
