[
https://issues.apache.org/jira/browse/OFBIZ-9310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aditya Sharma updated OFBIZ-9310:
---------------------------------
Attachment: OFBIZ-9310.patch
Removed the line that prints "Request Parameter Map Entries" as it may print
username and password entered by user when verbose set to true. It may not be a
grave concern for staging environment as verbose are not logged there but it is
still unethical to print such details.
> On setting verbose true, UtilHttp.getParameterMap() method prints username
> and password in logs
> -----------------------------------------------------------------------------------------------
>
> Key: OFBIZ-9310
> URL: https://issues.apache.org/jira/browse/OFBIZ-9310
> Project: OFBiz
> Issue Type: Bug
> Reporter: Aditya Sharma
> Assignee: Aditya Sharma
> Attachments: OFBIZ-9310.patch
>
>
> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String>
> nameSet, Boolean onlyIncludeOrSkip) method, following line of code prints
> username and password in logs when verbose is set to true.
> if (Debug.verboseOn()) {
> Debug.logVerbose("Made Request Parameter Map with [" +
> paramMap.size() + "] Entries", module);
> Debug.logVerbose("Request Parameter Map Entries: " +
> System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
> }
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
