[
https://issues.apache.org/jira/browse/OFBIZ-9310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aditya Sharma updated OFBIZ-9310:
---------------------------------
Attachment: OFBIZ-9310.patch
Removed the line that prints "Request Parameter Map Entries" as it may print username and password entered by user when verbose set to true. It may not be a grave concern for staging environment as verbose are not logged there but it is still unethical to print such details.
> On setting verbose true, UtilHttp.getParameterMap() method prints username and password in logs
> -----------------------------------------------------------------------------------------------
>
> Key: OFBIZ-9310
> URL:
https://issues.apache.org/jira/browse/OFBIZ-9310> Project: OFBiz
> Issue Type: Bug
> Reporter: Aditya Sharma
> Assignee: Aditya Sharma
> Attachments: OFBIZ-9310.patch
>
>
> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String> nameSet, Boolean onlyIncludeOrSkip) method, following line of code prints username and password in logs when verbose is set to true.
> if (Debug.verboseOn()) {
> Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);
> Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
> }
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
Locked
