http://issues.apache.org/bugzilla/show_bug.cgi?id=33187

           Summary: JAASRealm logs passwords in the clear
           Product: Tomcat 5
           Version: 5.0.28
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina:Modules
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]

JAASRealm logs passwords in the clear:

2005-01-20 17:26:51 JAASRealm[Catalina]: Returning username bob
2005-01-20 17:26:51 JAASRealm[Catalina]: Returning password asdf

This is a huge security hole. It should require unusual and explicit configuration to get JAASRealm to emit plaintext passwords if it is even allowed at all.
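
An added example, not part of the original report and not Tomcat code: a scanner that finds the "Returning password" lines quoted above in an existing log, lists the affected accounts so their credentials can be rotated, and produces a redacted copy. The function name scan, the pairing of each password line with the preceding username line from the same realm, and the sample lines marked constructed are assumptions.

```python
import re

# Line layout taken from the two log lines quoted in the report:
#   <date> <time> JAASRealm[<container>]: Returning <field> <value>
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>JAASRealm\[[^\]]*\]): Returning (?P<field>username|password) "
    r"(?P<value>.*)$"
)

def scan(lines):
    """Return (findings, redacted_lines) for an iterable of log lines.

    Each finding records where a password was logged and, as an assumption,
    the username most recently logged by the same realm (concurrent logins
    can interleave, so treat the pairing as a hint). The password value is
    never copied into the findings.
    """
    findings, redacted = [], []
    last_user = {}  # realm source -> username from its latest username line
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        m = LINE.match(line)
        if m and m["field"] == "username":
            last_user[m["src"]] = m["value"]
        elif m:
            findings.append({
                "line": lineno,
                "timestamp": m["ts"],
                "source": m["src"],
                "username": last_user.pop(m["src"], None),
            })
            # Keep the line's prefix, drop everything after "password ".
            line = line[:m.start("value")] + "[REDACTED]"
        redacted.append(line)
    return findings, redacted

SAMPLE = [
    "2005-01-20 17:26:50 StandardContext[/app]: Starting",  # constructed
    "2005-01-20 17:26:51 JAASRealm[Catalina]: Returning username bob",
    "2005-01-20 17:26:51 JAASRealm[Catalina]: Returning password asdf",
    # constructed: password containing a space, no username line before it
    "2005-01-20 17:30:02 JAASRealm[Catalina]: Returning password two words",
]

if __name__ == "__main__":
    found, clean = scan(SAMPLE)
    for f in found:
        print("password logged at line %(line)d for user %(username)s" % f)
    print("\n".join(clean))
```

Redacting the file does not undo the exposure: every account named in the findings should have its password changed, and rotated or archived copies of the log need the same pass.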