Bug #209 (closed)
Logging infrastructure is printing cleartext passwords on changePassword — at Version 3
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Cc: | cxallan |
Sprint: | n.a. | | |
Total Remaining Time: | n.a. | | |
Description (last modified by jmoore)
Login calls going to the application server don't get caught by the Omero logging infrastructure (ServiceHandler). However, calls to our api methods like changePassword, changeUserPassword, etc. do get logged. The easiest solution is to not log these methods (or at least to log them with a secure logger). It would also be possible to introduce a ParameterAnnotation to omit certain parameters:
public void changePassword( String user, @Hidden String newPassword );
Change History (3)
comment:1 Changed 18 years ago by jmoore
- Keywords changed from story114 to story114,iteration5
- Priority changed from minor to critical
comment:2 Changed 18 years ago by jmoore
- Resolution set to fixed
- Status changed from new to closed
r950 implements this. Output is of the form:
```text
1597 [ main] INFO ome.services.util.ServiceHandler - Meth: changeUserPassword
1598 [ main] INFO ome.services.util.ServiceHandler - Args: [root, ********]
1637 [ main] INFO ome.tools.hibernate.EventHandler - Auth: user=6,group=1,event=146(EventType:Id_1)
```
API designers need to be careful to add the @Hidden annotation to any parameter that should not be printed in logs.
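The parameter-annotation approach proposed in the description and reported as implemented in r950 (comment 2), written out as an added Java example. This is not OMERO's code and not the r950 change: the page gives only the annotation name `@Hidden`, the method names and the `Args: [root, ********]` output form. The `AdminService` interface, the `HiddenArgsLogger` proxy standing in for `ome.services.util.ServiceHandler`, and the sample calls in `main` are assumptions constructed for the example.

```java
import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.List;

/** Marker for parameters that must never appear in a log line.
 *  RUNTIME retention is what lets the logging proxy see it via reflection. */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.PARAMETER)
@interface Hidden {}

/** Hypothetical service interface standing in for the OMERO admin API (assumption).
 *  The annotation sits on the interface declaration, because that is the Method
 *  a java.lang.reflect.Proxy hands to its InvocationHandler. */
interface AdminService {
    void changePassword(String user, @Hidden String newPassword);
    void changeUserPassword(String user, @Hidden String newPassword);
    String getUserGroup(String user);
}

/** Hypothetical stand-in for ome.services.util.ServiceHandler (assumption): records
 *  the method name and its arguments, masking every @Hidden argument as "********". */
public class HiddenArgsLogger implements InvocationHandler {
    private final Object target;
    final List<String> lines = new ArrayList<>(); // captured "log" output

    HiddenArgsLogger(Object target) { this.target = target; }

    /** Render the argument list the way the Args: line does, masking hidden ones. */
    static String formatArgs(Method method, Object[] args) {
        Annotation[][] perParam = method.getParameterAnnotations();
        List<String> shown = new ArrayList<>();
        for (int i = 0; i < perParam.length; i++) {
            boolean hidden = false;
            for (Annotation a : perParam[i]) {
                if (a instanceof Hidden) { hidden = true; break; }
            }
            shown.add(hidden ? "********" : String.valueOf(args[i]));
        }
        return shown.toString();
    }

    @Override
    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
        Object[] safeArgs = (args == null) ? new Object[0] : args; // no-arg methods pass null
        lines.add("Meth: " + method.getName());
        lines.add("Args: " + formatArgs(method, safeArgs));
        return method.invoke(target, args);
    }

    @SuppressWarnings("unchecked")
    static <T> T wrap(Class<T> iface, HiddenArgsLogger handler) {
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] { iface }, handler);
    }

    public static void main(String[] argv) {
        AdminService impl = new AdminService() { // constructed no-op implementation
            public void changePassword(String user, String newPassword) {}
            public void changeUserPassword(String user, String newPassword) {}
            public String getUserGroup(String user) { return "system"; }
        };
        HiddenArgsLogger handler = new HiddenArgsLogger(impl);
        AdminService svc = wrap(AdminService.class, handler);
        svc.changeUserPassword("root", "not-a-real-password"); // constructed sample call
        svc.getUserGroup("root");
        handler.lines.forEach(System.out::println);
    }
}
```

Two points worth checking when adopting this pattern. First, the `Method` object a dynamic proxy passes to `invoke` is the interface's method, so `@Hidden` has to be declared on the interface signature, as in the description's snippet; an annotation placed only on the implementing class's parameter is invisible to the proxy and the password is logged in clear. Second, the scheme is opt-in: any parameter without the annotation is printed, which is exactly the maintenance burden comment 2 calls out, so a review step (or a test that scans the service interfaces for parameters named like `password`, `secret` or `key` without `@Hidden`) is the natural complement.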
comment:3 Changed 18 years ago by jmoore
- Description modified (diff)
Why was this "minor" again? Will do during security clean up (#328)