---------- Forwarded message ----------
From: jithu mada <jithu.m...@gmail.com>
Date: Wed, Apr 22, 2009 at 5:38 PM
Subject: username/password being logged in clear text
To: users@tomcat.apache.org

Hi,

We are using Tomcat 5.0.27. Whenever the user logs in using a GET or POST request, his/her username and password are being logged in clear text in the localhost access logs. It has become a security issue, as anyone with an account on the system can browse through the logs and find out the usernames and passwords of the users.

So I was going through the documentation to find out whether there is any attribute which controls this behavior, so that we can prevent it from being printed in the log file, but I couldn't find one. I am using org.apache.catalina.logger.FileLogger as the Logger class.

I would really appreciate it if you could help me out here.

Thanks,
Jitender
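
Added example (not part of the forwarded message and not Tomcat code): a Python filter that finds and redacts password values already written into access-log request lines, so existing log files can be cleaned up and checked for exposure. It assumes the common access-log layout with a quoted `"METHOD target PROTOCOL"` field; the parameter names in `SENSITIVE`, the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumed names of credential parameters; match these to the application's login form.
SENSITIVE = {"password", "passwd", "pwd", "j_password"}

# Quoted request field of an access-log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Replace sensitive query-string values; return (new_target, redaction_count)."""
    path, sep, query = target.partition("?")
    if not sep:
        return target, 0
    hits, parts = 0, []
    for part in query.split("&"):
        key, eq, _value = part.partition("=")
        # Decode the key only for comparison so other parameters stay byte-identical.
        if eq and unquote_plus(key).lower() in SENSITIVE:
            parts.append(key + "=REDACTED")
            hits += 1
        else:
            parts.append(part)
    return path + "?" + "&".join(parts), hits

def redact_line(line):
    """Redact one log line; return (new_line, redaction_count)."""
    hits = 0
    def repl(match):
        nonlocal hits
        target, n = redact_target(match.group("target"))
        hits += n
        return '"%s %s %s"' % (match.group("method"), target, match.group("proto"))
    return REQUEST_RE.sub(repl, line), hits

# Constructed sample lines (not taken from any real log).
SAMPLE = [
    '192.0.2.10 - - [22/Apr/2009:17:30:01 +0000] "GET /app/login?username=alice&password=s3cret%21 HTTP/1.1" 200 512',
    '192.0.2.11 - - [22/Apr/2009:17:31:12 +0000] "GET /app/index.jsp?page=2 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [22/Apr/2009:17:32:40 +0000] "POST /app/login HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        cleaned, count = redact_line(raw)
        print(count, cleaned)
```

A non-zero count for a line means a credential was exposed in that log file, so the affected account's password should be treated as compromised and changed.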