Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Bug #209 (new)

Opened 18 years ago

Last modified 18 years ago

Logging infrastructure is printing cleartext passwords on changePassword — at Initial Version

Reported by: jamoore Owned by: jamoore
Priority: minor Cc: cxallan
Sprint: n.a.
Total Remaining Time: n.a.

Description

Login calls going to the application server don't get caught by the Omero logging infrastructure (ServiceHandler). However, calls to our api methods like changePassword, changeUserPassword, etc. do get logged. The easiest solution is to not log these methods (or at least to log them with a secure logger). It would also be possible to introduce a ParameterAnnotation to omit certain parameters:

    public void changePassword( String user, @DontLog String newPassword );

Change History (0)

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.63045 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!