[ https://issues.apache.org/activemq/browse/CAMEL-3099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lorrin Nelson updated CAMEL-3099:
---------------------------------

    Attachment: 0002-Add-unit-testing-to-DefaultEndPoint-toString-changes.patch

This patch adds unit tests. It also cleans up the errant imports. Rather than copy the regex I factored out execution of the regex into a helper method and unit test that.

> passwords and other private data contained in URIs should not be logged in plaintext
> ------------------------------------------------------------------------------------
>
>                 Key: CAMEL-3099
>                 URL: https://issues.apache.org/activemq/browse/CAMEL-3099
>             Project: Apache Camel
>          Issue Type: Improvement
>          Components: camel-core
>            Reporter: Lorrin Nelson
>            Assignee: Hadrian Zbarcea
>            Priority: Minor
>         Attachments: 0001-Reduce-risk-of-showing-passwords-in-URIs-by-adding-c.patch,
>                      0002-Add-unit-testing-to-DefaultEndPoint-toString-changes.patch
>
>
> URIs with sensitive data are common and URIs are frequently logged. I
> bumped into this myself most recently with an FTP consumer. I ended up with
> log messages like this:
> RemoteFileProducer 2010-08-31 16:21:45,459 -- INFO -- Connected and logged in to: Endpoint[sftp://myusern...@my.host.name/var/my/path?fileName=myFile.txt&password=yikesMyPassword]
> I propose a sane-defaults patch of modifying DefaultEndpoint.java's toString
> to sanitize the URI by looking for URI params containing the tokens
> "password" or "passphrase" and rendering their value as "*******" instead of
> the actual value. Obviously this isn't always the right thing to do in every
> situation, but it seems appropriate for many endpoints. Any for which it is
> not appropriate could override toString.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
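The masking proposed in the issue description, sketched as an added example; it is not the attached patch and not Camel's own code. The class name, method names, the regex and the sample URIs are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class UriSanitizerExample {
    // Matches a query parameter whose NAME contains "password" or "passphrase"
    // (case-insensitive). Group 1 is the delimiter, the name and '='; the value
    // that follows runs up to the next '&' or the end of the string.
    // Anchoring on '?' or '&' keeps a value such as "file=password.txt" intact.
    private static final Pattern SECRET_PARAM = Pattern.compile(
            "([?&][^=&]*(?:password|passphrase)[^=&]*=)[^&]*",
            Pattern.CASE_INSENSITIVE);

    /** Returns the URI with the values of secret-looking parameters masked. */
    static String sanitizeUri(String uri) {
        return uri == null ? null : SECRET_PARAM.matcher(uri).replaceAll("$1*******");
    }

    /** Hypothetical stand-in for an endpoint's toString(): mask first, then format. */
    static String describe(String uri) {
        return "Endpoint[" + sanitizeUri(uri) + "]";
    }

    public static void main(String[] args) {
        // Constructed sample URIs, not taken from a real system.
        String[] samples = {
            // secret as the last parameter
            "sftp://user@host.example/var/my/path?fileName=myFile.txt&password=s3cret",
            // secret as the first parameter, mixed-case name
            "sftp://user@host.example/path?Password=s3cret&fileName=a.txt",
            // token embedded in a longer parameter name
            "sftp://user@host.example/path?keyPassphrase=abc&delay=5000",
            // "password" appears only in a value: left unchanged
            "file:///tmp/inbox?fileName=password.txt",
        };
        for (String uri : samples) {
            System.out.println(describe(uri));
        }
    }
}
```

This pattern only covers query parameters: a secret in the userinfo part (`user:secret@host`) or a value containing an unencoded `&` is not fully masked by it.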