[ https://issues.apache.org/jira/browse/QPID-4352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall reassigned QPID-4352: -------------------------------- Assignee: Robbie Gemmell (was: Keith Wall) Patch applied. Hi Robbie, could you review this commit? > Java client logs key_store_password/trust_store_password from connection url > at debug > ------------------------------------------------------------------------------------- > > Key: QPID-4352 > URL: https://issues.apache.org/jira/browse/QPID-4352 > Project: Qpid > Issue Type: Bug > Components: Java Client > Affects Versions: 0.16, 0.18 > Reporter: Keith Wall > Assignee: Robbie Gemmell > Fix For: 0.19 > > > When run in DEBUG, the Qpid client logs the trust store/key store passwords > to the log. This could present a security issue. > {noformat} > main 2012-09-29 22:32:54,558 DEBUG [apache.qpid.client.AMQConnection] > Connection(1):amqp://guest:********@test/?brokerlist='tcp://localhost:15671?trust_store_password='password'&trust_store='test-profiles/test_resources/ssl/java_client_truststore.jks'&ssl_verify_hostname='true'&ssl='true'&key_store_password='password'&key_store='test-profiles/test_resources/ssl/java_client_keystore.jks'' > {noformat} > The code should be changed to mask these passwords in the same fashion as the > client's password. This change was made by QPID-1208. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org