Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-5128

Database Password Is Being Logged in Clear Text in Debug Logs

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Fixed
    • 3.5.0
    • None
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      The database password is being logged in clear text when debug logging is turned on:

      2014-04-01 09:14:13,553 DEBUG [qtp554279358-1650 ] fisheye ProfilingServletFilter-logRequest - end request in 75ms POST /admin/migrateDialog.do?dbConfig.jdbcURL=jdbc%3Amysql%3A%2F%2Fpenetrator%2Fricardo&
dbConfig.maxPoolSize=20&dbConfig.type=MYSQL&passwordChanged=true&dbConfig.username=ricardo&dbConfig.password=whatever&edit=y&dbConfig.minPoolSize=5&dbConfig.params=useUnicode%3Dtrue%0D%0AcharacterEncodin
g%3DUTF8%0D%0AconnectionCollation%3DUTF8_bin sessionid=i2lzt4e1mh73zjvklqnfgwl 302

      Attachments

        Activity

          People

            tom@atlassian.com Tom Davies
            rluispereiramartins RicardoA
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: