Hi, We are using Tomcat 5.0.27. Whenever the user logs using GET or POST request his/her username and password are being logged in clear text in the localhost access logs. It has become a security issue as anyone with an account to the system can browse through the logs and find out the username and password of the users.
So I was going through the documentation to find if there is any attribute which controls this behavior and we can prevent it from being printed in the log file but I couldn't find one. And I am using org.apache.catalina.logger.FileLogger as the Logger class. Any replies greatly appreciated. -- View this message in context: http://www.nabble.com/Avoiding-username-password-being-logged-into-localhost-access-logs-tp23176286p23176286.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
