[#CONTINUUM-2314] Password is printed in logs in clear text when adding a project fails - jira.codehaus.org

Continuum

Password is printed in logs in clear text when adding a project fails

Created: 25/Jul/09 01:36 PM Updated: 03/Aug/09 06:18 PM Resolved: 03/Aug/09 06:18 PM

Return to search

Component/s:

Security

Affects Version/s:

1.3.3

Fix Version/s:

1.3.4

Time Tracking:

Not Specified

Complexity:

Intermediate

Description

« Hide

I got this in the continuum log, I've changed the parameters to hide the info, but where I say PASSWORDINCLEARTEXT it had my password there
Actually it had a bad password with a typo (that's why I got unauthorized) but it was close enough to the real one

2009-07-24 16:03:54,137 [addMavenTwoProjectBackgroundThread] INFO org.apache.maven.continuum.project.builder.maven.MavenTwoContinuumProjectBuilder - Downloading https://myusername:*****@svn.company.com/repos/pom.xml
2009-07-24 16:03:55,392 [addMavenTwoProjectBackgroundThread] ERROR org.apache.maven.continuum.project.builder.maven.MavenTwoContinuumProjectBuilder - Error
adding project: Unauthorized https://myusername:PASSWORDINCLEARTEXT@svn.company.com/repos/pom.xml

Sort Order:

[ Permalink | « Hide ]

Brett Porter added a comment - 25/Jul/09 08:00 PM

so it is only shown if it is wrong?

[ Permalink | « Hide ]

Carlos Sanchez added a comment - 25/Jul/09 08:16 PM

seems so

[ Permalink | « Hide ]

Maria Catherine Tan added a comment - 27/Jul/09 10:00 PM

fixed in
r798376 of 1.3.x branch
r798377 of trunk

[ Permalink | « Hide ]

Maria Catherine Tan added a comment - 03/Aug/09 06:05 PM

Reopening because password is still printed in logs.

[ Permalink | « Hide ]

Maria Catherine Tan added a comment - 03/Aug/09 06:18 PM

Fixed in
r800613 of 1.3.x branch
r800615 of trunk