Overview

User authentication processes are logging credentials (password) in clear text. This data should not be recorded in the logs. An issue has been created.

Workaround

Until this issue is resolved, password data (and all data) will not be written to the logs if the debug level is set to 0 (zero).

Scope

There are a number of mechanisms that could cause password data to be written to a log file. This table lists all the known mechanisms that would need to be modified.

Servlet Filter | A prototype design encrypts values that have a name of password. The encrypted value would be shown in the logs, instead of the clear text value.
Id/Password Authenticator | A prototype design encrypts values that have a name of password. The encrypted value would be shown in the logs, instead of the clear text value.
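
The behaviour described for the prototype and the workaround, as an added example that is not the project's own code: a helper that a servlet filter or authenticator could call on the request parameter map before writing it to the log. The class name `LogSafeParams`, the choice of AES-GCM, the `ENC(...)` wrapper, the case-insensitive name match and the in-memory demo key are assumptions; the page does not specify the cipher or how the key is managed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class LogSafeParams {
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKey key;   // assumption: loaded from protected configuration
    private final int debugLevel;  // 0 means nothing is written to the logs
    public LogSafeParams(SecretKey key, int debugLevel) { this.key = key; this.debugLevel = debugLevel; }

    // Returns the text to log for a parameter map, or null when the debug level is 0.
    public String render(Map<String, String[]> params) throws Exception {
        if (debugLevel == 0) return null;
        StringJoiner out = new StringJoiner(", ", "{", "}");
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            // Values whose name is "password" are never emitted in clear text.
            boolean secret = "password".equalsIgnoreCase(e.getKey());
            for (String v : e.getValue()) {
                out.add(e.getKey() + "=" + (secret ? encrypt(v) : v));
            }
        }
        return out.toString();
    }
    // AES-GCM with a fresh 12-byte IV per value; output is Base64(IV || ciphertext || tag).
    private String encrypt(String clear) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(clear.getBytes(StandardCharsets.UTF_8));
        byte[] blob = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        return "ENC(" + Base64.getEncoder().encodeToString(blob) + ")";
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey demoKey = kg.generateKey();               // demo key only
        Map<String, String[]> req = new LinkedHashMap<>();  // constructed sample request
        req.put("userid", new String[] {"demo"});
        req.put("password", new String[] {"example-only"});
        System.out.println(new LogSafeParams(demoKey, 1).render(req)); // password shown as ENC(...)
        System.out.println(new LogSafeParams(demoKey, 0).render(req)); // null: nothing to log
    }
}
```

In a servlet filter the map passed to `render` would be the one returned by `request.getParameterMap()`.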