Details
-
Suggestion
-
Resolution: Fixed
-
None
-
None
Description
The database password is being logged in clear text when debug logging is turned on:
2014-04-01 09:14:13,553 DEBUG [qtp554279358-1650 ] fisheye ProfilingServletFilter-logRequest - end request in 75ms POST /admin/migrateDialog.do?dbConfig.jdbcURL=jdbc%3Amysql%3A%2F%2Fpenetrator%2Fricardo& dbConfig.maxPoolSize=20&dbConfig.type=MYSQL&passwordChanged=true&dbConfig.username=ricardo&dbConfig.password=whatever&edit=y&dbConfig.minPoolSize=5&dbConfig.params=useUnicode%3Dtrue%0D%0AcharacterEncodin g%3DUTF8%0D%0AconnectionCollation%3DUTF8_bin sessionid=i2lzt4e1mh73zjvklqnfgwl 302