Continuum
  1. Continuum
  2. CONTINUUM-1914

Passwords are exposed in continuum.log

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.2
    • Fix Version/s: 1.2.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      Continuum 1.3-SNAPSHOT r700970
      Mac OS X
    • Complexity:
      Intermediate
    • Number of attachments :
      0

      Description

      When adding a m2 project using a url to the pom file, I see this in the log:

      2008-10-01 16:58:03,541 [addMavenTwoProjectBackgroundThread] INFO continuumProjectBuilder#maven-two-builder - Downloading https://wsmoak:PASSWORD@example.com/svn/wsmoak/hello/trunk/pom.xml

      (where PASSWORD was my actual password.)

      Passwords should be masked in the log files.

        Issue Links

          Activity

          Hide
          Wendy Smoak added a comment -

          Work on the CONTINUUM-1721 branch seems headed towards changing method signatures so we pass around the url separately from the userid and password.

          I haven't looked to see where this is coming from exactly, but if that happens, we can probably log the url without the credentials.

          Meanwhile, we need to change or comment out this log statement.

          Show
          Wendy Smoak added a comment - Work on the CONTINUUM-1721 branch seems headed towards changing method signatures so we pass around the url separately from the userid and password. I haven't looked to see where this is coming from exactly, but if that happens, we can probably log the url without the credentials. Meanwhile, we need to change or comment out this log statement.
          Hide
          Emmanuel Venisse added a comment -

          Fixed in r.702698

          Show
          Emmanuel Venisse added a comment - Fixed in r.702698

            People

            • Assignee:
              Emmanuel Venisse
              Reporter:
              Wendy Smoak
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: