Hi Abiy,
Regarding the issues you have raised
1)
>>Credentials leaked in localhost access log
This issue would exist when HTTP basic auth is used on Fineract (username
and password are passed as query parameters over a HTTPS channel) and
access log is enabled on tomcat (where the default
Hello Shtuthi,
Yeah one is that, which is from the server.xml,
(
)
And the other is the one that is displaying in catalina,
(fineract-provider-log)
(
166270 [http-bio-8443-exec-7] INFO
o.a.f.i.s.f.TenantAwareBasicAuthenticationFilter -
Thanks Abiy for bringing this to our attention.
Are you referring the API - POST
/fineract-provider/api/v1/authentication?username=ABC=78loknbj
HTTP/1.1" 200 353 ?
being logged in localhost_access_log?
Thank You,
*Shruthi M R*
Senior Software Engineer - Conflux Technologies