Mark Anderson created CXF-6262:
----------------------------------
Summary: LoggingInterceptor logs password when using UsernameToken
with plaintext password
Key: CXF-6262
URL: https://issues.apache.org/jira/browse/CXF-6262
Project: CXF
Issue Type: Bug
Affects Versions: 2.7.14
Reporter: Mark Anderson
The LoggingInterceptor will log the password when UsernameToken with plaintext
password is used.
Could the password text be masked (even optionally) in the logging output as
this could be viewed as a security issue in some environments. For example
https is used to protect the password on the wire but it could then be
intercepted by changing logging levels.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
