Your logging is not configured properly.
Set up the log4j.properties and this should take care of that issue.
-Sudhir.

-----Original Message-----
From: Evan Dillon [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 31, 2005 1:27 PM
To: tomcat-user@jakarta.apache.org
Subject: Plain text passwords printed to catalina.out

Passwords submitted via password form fields over SSL are showing up in
plain text in my catalina.out. Is this something I should be concerned
about and, more importantly, something I can turn off? 

When any POST form is submitted (port 80 or 443), the plain-text form
data is in my catalina.out. I see the following in catalina.out when a
login form is submitted via SSL (where XXXX... is the actual password). It
doesn't seem to happen while logging in to the tomcat-admin app over
localhost:8080, only with apps accessed over apache/mod_jk (actual hex
has been obfuscated):
 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | .4.?.=app_id=6&u
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | ser=USERNAME&pas
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | sword=XXXXXXXXXX
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | XXXXX&submit=sub
6d 69 74
 
Catalina.out has the following permissions:
-rw------- 1 root root 902 Aug 31 09:04 catalina.out
 
Thanks
 
Evan


Tomcat 5.0.30
Apache 1.3.33
latest mod_jk
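
Added example, not part of the original messages: the dump rows above break the form body into 16-character columns, so `password=` never appears on a single line and a literal search of catalina.out misses it. This Python sketch (function names, the sensitive-parameter list and the sample lines are assumptions constructed from the rows quoted above) rejoins the ASCII column of consecutive dump rows and reports only the parameter name and value length.

```python
import re

# Parameter-name fragments treated as sensitive (assumption; extend per application).
SENSITIVE = ("password", "passwd", "pwd", "secret", "token")
# One dump row: 1-16 hex bytes, padding, "| ", then the ASCII column.
ROW = re.compile(r"^((?:[0-9a-fA-F]{2} ){1,16}) *\| (.*)$")
PARAM = re.compile(r"([\w.\-]*(?:%s)[\w.\-]*)=([^&]*)" % "|".join(SENSITIVE), re.I)

def ascii_runs(lines):
    """Yield (first_line_no, joined_ascii) for each run of consecutive dump rows."""
    start, buf = None, []
    for n, line in enumerate(lines, 1):
        m = ROW.match(line.rstrip("\n"))
        if m:
            if start is None:
                start = n
            buf.append(m.group(2)[:16])
        elif buf:
            yield start, "".join(buf)
            start, buf = None, []
    if buf:
        yield start, "".join(buf)

def find_exposures(lines):
    """Return (line_no, parameter, value_length); the value itself is never returned."""
    return [(start, m.group(1), len(m.group(2)))
            for start, text in ascii_runs(lines)
            for m in PARAM.finditer(text)]

def naive_grep(lines):
    """What a plain per-line search for 'password=' would find."""
    return [n for n, l in enumerate(lines, 1) if "password=" in l.lower()]

# Constructed sample modelled on the rows in the message (hex zeroed, as there).
HEX = " ".join(["00"] * 16)
SAMPLE = ["INFO: constructed line preceding the dump"] + [
    f"{HEX}  | {chunk}" for chunk in (
        ".4.?.=app_id=6&u", "ser=USERNAME&pas",
        "sword=XXXXXXXXXX", "XXXXX&submit=sub")
] + ["6d 69 74  | mit"]

if __name__ == "__main__":
    print("naive grep hits:", naive_grep(SAMPLE))
    for line_no, name, length in find_exposures(SAMPLE):
        print(f"dump starting at line {line_no}: {name}=<{length} chars>")
```
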




