Opened 13 years ago
Last modified 13 years ago
#449 new defect
remove cleartext password in logging
| Reported by: | schaubr | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | Future release |
| Component: | General | Version: | v2.6.2 |
| Keywords: | geonetwork, logging, password | Cc: |
Description
Currently, the passwords used by the users to login into GeoNetwork, appear in cleartext in the (debug) logging. Especially in an environment where users login through LDAP, this is bad practice.
Example where this happens: LDAPContext.java, line 127
Note:
See TracTickets
for help on using tickets.
Also happens in Jeeves request log