Issue Details (XML | Word | Printable)

Key: CONTINUUM-2314
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Blocker Blocker
Assignee: Maria Catherine Tan
Reporter: Carlos Sanchez
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Continuum

Password is printed in logs in clear text when adding a project fails

Created: 25/Jul/09 01:36 PM   Updated: 03/Aug/09 06:18 PM   Resolved: 03/Aug/09 06:18 PM
Return to search
Component/s: Security
Affects Version/s: 1.3.3
Fix Version/s: 1.3.4

Time Tracking:
Not Specified

Complexity: Intermediate


 Description  « Hide

I got this in the continuum log, I've changed the parameters to hide the info, but where I say PASSWORDINCLEARTEXT it had my password there
Actually it had a bad password with a typo (that's why I got unauthorized) but it was close enough to the real one

2009-07-24 16:03:54,137 [addMavenTwoProjectBackgroundThread] INFO org.apache.maven.continuum.project.builder.maven.MavenTwoContinuumProjectBuilder - Downloading https://myusername:*****@svn.company.com/repos/pom.xml
2009-07-24 16:03:55,392 [addMavenTwoProjectBackgroundThread] ERROR org.apache.maven.continuum.project.builder.maven.MavenTwoContinuumProjectBuilder - Error
adding project: Unauthorized https://myusername:PASSWORDINCLEARTEXT@svn.company.com/repos/pom.xml



Brett Porter added a comment - 25/Jul/09 08:00 PM

so it is only shown if it is wrong?


Carlos Sanchez added a comment - 25/Jul/09 08:16 PM

seems so


Maria Catherine Tan added a comment - 27/Jul/09 10:00 PM

fixed in
r798376 of 1.3.x branch
r798377 of trunk


Maria Catherine Tan added a comment - 03/Aug/09 06:05 PM

Reopening because password is still printed in logs.


Maria Catherine Tan added a comment - 03/Aug/09 06:18 PM

Fixed in
r800613 of 1.3.x branch
r800615 of trunk