Uploaded image for project: 'JBoss Cache'
  1. JBoss Cache
  2. JBCACHE-1612

JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.2.8.GA
    • Fix Version/s: 3.2.9.GA
    • Component/s: Cache loaders
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      Code inspection

      Show
      Code inspection
    • Workaround Description:
      Hide

      disable ERROR logging for org.jboss.cache.loader
      -> not really a good idea

      Show
      disable ERROR logging for org.jboss.cache.loader -> not really a good idea
    • Estimated Difficulty:
      Low

      Description

      http://anonsvn.jboss.org/repos/jbosscache/core/trunk/src/main/java/org/jboss/cache/loader/NonManagedConnectionFactory.java

      088 public Connection getConnection()
      089 {
      ......
      099 catch (SQLException e)
      100 {
      101 reportAndRethrowError("Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd, e);

      So upon a connection error, the user/password will end up in the logfile in clear text

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tfonteyn Tom Fonteyne (Inactive)
              Reporter:
              tfonteyn Tom Fonteyne (Inactive)
              Archiver:
              samahaja Sagar Mahajan

                Dates

                Created:
                Updated:
                Resolved:
                Archived: