Jithu, I would be inclined to confirm whether your deployment is
utilising System.out, System.err or a logging api to print your incoming
FORM request attributes?
RGS SY
Filip Hanik - Dev Lists wrote:
Tomcat doesn't print any usernames passwords to any logfiles.
So most likely, your application is what is causing it.
Filip
jithu mada wrote:
---------- Forwarded message ----------
From: jithu mada <jithu.m...@gmail.com>
Date: Wed, Apr 22, 2009 at 5:38 PM
Subject: username/password being logged in clear text
To: users@tomcat.apache.org
Hi,
We are using Tomcat 5.0.27. Whenever the user logs using GET or POST request
his/her username and password are being logged in clear text in the
localhost access logs. It has become a security issue as anyone with an
account to the system can browse through the logs and find out the username
and password of the users.
So I was going through the documentation to find if there is any attribute
which controls this behavior and we can prevent it from being printed in the
log file but I couldn't find one.
And I am using org.apache.catalina.logger.FileLogger as the Logger class.
I really appreciate if you can help me out here.
thanks
Jitender
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
