On Wed, 2013-02-20 at 15:21 -0800, yogesh kamat wrote:
> Hello,
> 
> I am using httpclient 4.1.3 to authenticate with a CAS server using basic 
> authentication and POST. When I turn on debug logs for the Java process, this 
> results in my password being logged in clear text in the logs (through 
> httpclient wire logging). Is this expected? Any way around this other than 
> sending an encrypted password in the first place?
> 
> Thanks.
> 

Yogesh

Yes, it is. HttpClient does not attempt to obfuscate security sensitive
information contained in message headers or body. You should not be
using header / wire logging in productive environments.

Oleg
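
For logs that already captured credentials this way, the following is an added example (not part of the original thread, and not HttpClient code) that finds and redacts them. It assumes the log lines carry HttpClient 4.x's logger names `org.apache.http.wire` and `org.apache.http.headers`; the sample lines and the form field names are constructed for illustration.

```python
import re

# Logger categories HttpClient 4.x uses for header and wire logging.
SENSITIVE_LOGGERS = ("org.apache.http.wire", "org.apache.http.headers")

# Credential-bearing patterns: (Proxy-)Authorization header values, and
# password fields in a form-encoded POST body (field names are assumptions).
AUTH_HEADER = re.compile(r'((?:Proxy-)?Authorization:\s*\w+\s+)([^\s"\[]+)', re.I)
FORM_PASSWORD = re.compile(r'((?:^|[&"\s?])(?:password|passwd|pwd)=)([^&"\s\[]+)', re.I)


def redact_line(line):
    """Return (redacted_line, hit_count) for one log line."""
    # Only touch lines written by the HttpClient header / wire loggers.
    if not any(name in line for name in SENSITIVE_LOGGERS):
        return line, 0
    line, n_auth = AUTH_HEADER.subn(r"\1<redacted>", line)
    line, n_form = FORM_PASSWORD.subn(r"\1<redacted>", line)
    return line, n_auth + n_form


def scrub(lines):
    """Redact every line; return (clean_lines, 1-based numbers of leaking lines)."""
    clean, leaked = [], []
    for number, line in enumerate(lines, 1):
        new_line, hits = redact_line(line)
        clean.append(new_line)
        if hits:
            leaked.append(number)
    return clean, leaked


# Constructed sample input; the Base64 value encodes the dummy pair demo:example.
SAMPLE = [
    'DEBUG org.apache.http.headers - >> POST /cas/login HTTP/1.1',
    'DEBUG org.apache.http.headers - >> Authorization: Basic ZGVtbzpleGFtcGxl',
    'DEBUG org.apache.http.wire - >> "Authorization: Basic ZGVtbzpleGFtcGxl[\\r][\\n]"',
    'DEBUG org.apache.http.wire - >> "username=demo&password=example&lt=LT-1"',
    'INFO  com.example.App - login flow finished',
]

if __name__ == "__main__":
    cleaned, leaking = scrub(SAMPLE)
    print("lines that exposed credentials:", leaking)
    print("\n".join(cleaned))
```

Any credential found this way should be treated as exposed and rotated; redaction only cleans the copy of the log being processed.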


