On Fri, Oct 29, 2010 at 2:01 PM, Anjana Fernando <[email protected]> wrote: > Hi, > > When going through "SecretResolver" class's source code [1]. I noticed in > the method "public String resolve(String encryptedPassword, String prompt)", > at the end, it is logging both the encrypted and the final unencrypted clear > text value as a log.info(). I guess we should not be logging this kind of > information, or is this intended behaviour ? ..
+1 - we need to remove those logs... Thanks & regards, -Prabath > > [1] > https://svn.wso2.org/repos/wso2/branches/carbon/3.1.0/dependencies/synapse/modules/securevault/src/main/java/org/apache/synapse/securevault/SecretResolver.java > > Cheers, > Anjana. > > -- > Anjana Fernando > Software Engineer > WSO2, Inc.; http://wso2.com > lean.enterprise.middleware > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Thanks & Regards, Prabath Siriwardena http://blog.facilelogin.com http://RampartFAQ.com _______________________________________________ Carbon-dev mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
