From: <leg...@at...> - 2003-10-12 05:48:19
Message:

A new issue has been created in JIRA.

---------------------------------------------------------------------
View the issue:

  http://opensource.atlassian.com/projects/hibernate/secure/ViewIssue.jspa?key=HB-394

Here is an overview of the issue:
---------------------------------------------------------------------
Key: HB-394
Summary: Security : Avoid printing password information in log files
Type: Improvement

Status: Unassigned
Priority: Minor

Project: Hibernate2
Components: core
Versions: 2.0.3

Assignee:
Reporter: John Walshe

Created: Sun, 12 Oct 2003 12:47 AM
Updated: Sun, 12 Oct 2003 12:47 AM

Description:
Currently the user password is being written in the log files. For security purposes can it be masked out, i.e. '?????' ?

At least two methods need to be changed.

------------------------
CLASS: net.sf.hibernate.connection.DriverManagerConnectionProvider
METHOD: configure()

FROM:
    log.info( "using driver: " + driverClass + " at URL: " + url );
    log.info("connection properties: " + connectionProps);

TO:
    Properties connectionPropsClone = (Properties)connectionProps.clone();
    connectionPropsClone.put("password", "?????????");
    log.info( "using driver: " + driverClass + " at URL: " + url );
    log.info("connection properties: " + connectionPropsClone);

------------------------
CLASS: net.sf.hibernate.impl.SessionFactoryImpl
METHOD: ()

FROM:
    if ( log.isDebugEnabled() ) log.debug("instantiating session factory with properties: " + properties);

TO:
    if ( log.isDebugEnabled() ) {
        // Take a copy of the properties and blank out the password field
        Properties propsClone = (Properties)properties.clone();
        propsClone.put("hibernate.connection.password", "?????????");
        log.debug("instantiating session factory with properties: " + propsClone);
    }

---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
  http://opensource.atlassian.com/projects/hibernate/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
  http://www.atlassian.com/software/jira
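
An added example, not part of the original message or of Hibernate's code: one helper that could serve both logging sites named in the issue by masking every property whose key contains "password", only when that key is present, and without modifying the caller's Properties. The class name LogSafeProperties, the method masked() and the sample values are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;

// Hypothetical helper (not a Hibernate class): builds a log-safe view of a Properties object.
public final class LogSafeProperties {

    // Same placeholder the issue proposes.
    private static final String MASK = "?????????";

    private LogSafeProperties() {}

    /**
     * Returns a sorted copy suitable for logging. The original Properties
     * object is never modified, and no key is added that was not already set.
     */
    public static Map<String, String> masked(Properties props) {
        Map<String, String> copy = new TreeMap<>();
        // stringPropertyNames() also returns keys inherited from a defaults Properties.
        for (String key : props.stringPropertyNames()) {
            // Covers both "password" and "hibernate.connection.password".
            boolean secret = key.toLowerCase(Locale.ROOT).contains("password");
            copy.put(key, secret ? MASK : props.getProperty(key));
        }
        return copy;
    }

    public static void main(String[] args) {
        // Constructed sample configuration, for demonstration only.
        Properties props = new Properties();
        props.setProperty("hibernate.connection.username", "app");
        props.setProperty("hibernate.connection.password", "constructed-secret");
        props.setProperty("password", "constructed-secret");

        System.out.println("connection properties: " + masked(props));

        // The caller's object still holds the real value for the JDBC driver.
        System.out.println("original intact: "
                + "constructed-secret".equals(props.getProperty("password")));

        // A configuration without any password stays free of a password key.
        Properties noPassword = new Properties();
        noPassword.setProperty("hibernate.connection.username", "app");
        System.out.println("connection properties: " + masked(noPassword));
    }
}
```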