Sujitha Chinnathambi created HTTPCLIENT-1811:
------------------------------------------------
Summary: Security : Authorization header should not be printed in
debug log
Key: HTTPCLIENT-1811
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1811
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient (async)
Reporter: Sujitha Chinnathambi
Attachments: httpclient.patch
Current behaviour : When https call is made with basic authentication with
debug mode, authorization information which is transfered part of
'Authorization' header is getting printed in log in below artifact
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.3.6</version>
Example :
org.apache.http.wire - [] >> "Authorization: Basic
VEVTVCBLSCAwMS9TQ0hVTFVORzpzY2h1bHVuZw==[\r][\n]"
org.apache.http.headers - [] >> Authorization: Basic
VEVTVCBLSCAwMS9TQ0hVTFVORzpzY2h1bHVuZw==
Expected behaiour:
Though log level is debug, authorization information should not be printed in
log.
Attached httpclient.patch as proposal.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
