[cas-dev] CAS 3.0.6 Debug Log Level Shows Cleartext Passwords
Jason Shao
jayshao at rutgers.edu
Tue Feb 20 13:45:39 EST 2007
Scott Battaglia wrote:
> Its not anything CAS related. Its request parameters being displayed
> by Spring.
>
> -Scott
Right, missed that. Then -- given that passwords going through the login
form have to go through there, should the default Log4J.properties ship
with more detailed logging configuration to exclude those parameters
from being unintentionally exposed?
Jason
--
Jason Shao
Application Developer, Architecture & Engineering Team
Rutgers University - Enterprise Systems & Services
v. 732-445-2869 | f. 732-445-5493 | jayshao at rutgers.edu
More information about the cas-dev
mailing list