Bug #209 (new)
Opened 18 years ago
Last modified 18 years ago
Logging infrastructure is printing cleartext passwords on changePassword — at Initial Version
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | minor | Cc: | cxallan |
Sprint: | n.a. | ||
Total Remaining Time: | n.a. |
Description
Login calls going to the application server don't get caught by the Omero logging infrastructure (ServiceHandler). However, calls to our api methods like changePassword, changeUserPassword, etc. do get logged. The easiest solution is to not log these methods (or at least to log them with a secure logger). It would also be possible to introduce a ParameterAnnotation to omit certain parameters:
public void changePassword( String user, @DontLog String newPassword );