[ https://issues.apache.org/jira/browse/OFBIZ-9310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aditya Sharma updated OFBIZ-9310: --------------------------------- Attachment: OFBIZ-9310.patch Removed the line that prints "Request Parameter Map Entries" as it may print username and password entered by user when verbose set to true. It may not be a grave concern for staging environment as verbose are not logged there but it is still unethical to print such details. > On setting verbose true, UtilHttp.getParameterMap() method prints username > and password in logs > ----------------------------------------------------------------------------------------------- > > Key: OFBIZ-9310 > URL: https://issues.apache.org/jira/browse/OFBIZ-9310 > Project: OFBiz > Issue Type: Bug > Reporter: Aditya Sharma > Assignee: Aditya Sharma > Attachments: OFBIZ-9310.patch > > > In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String> > nameSet, Boolean onlyIncludeOrSkip) method, following line of code prints > username and password in logs when verbose is set to true. > if (Debug.verboseOn()) { > Debug.logVerbose("Made Request Parameter Map with [" + > paramMap.size() + "] Entries", module); > Debug.logVerbose("Request Parameter Map Entries: " + > System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module); > } -- This message was sent by Atlassian JIRA (v6.3.15#6346)