Bug #209 (closed)
Logging infrastructure is printing cleartext passwords on changePassword
| Reported by: | jamoore | Owned by: | jamoore |
|---|---|---|---|
| Priority: | critical | Cc: | cxallan |
| Sprint: | n.a. | ||
| Total Remaining Time: | n.a. |
Description (last modified by jmoore)
Login calls going to the application server don't get caught by the Omero logging infrastructure (ServiceHandler). However, calls to our api methods like changePassword, changeUserPassword, etc. do get logged. The easiest solution is to not log these methods (or at least to log them with a secure logger). It would also be possible to introduce a ParameterAnnotation to omit certain parameters:
public void changePassword( String user, @Hidden String newPassword );
Change History (5)
comment:1 Changed 18 years ago by jmoore
- Keywords changed from story114 to story114,iteration5
- Priority changed from minor to critical
comment:2 Changed 18 years ago by jmoore
- Resolution set to fixed
- Status changed from new to closed
r950 implements this. Output is of the form:
1597 [ main] INFO ome.services.util.ServiceHandler - Meth: changeUserPassword 1598 [ main] INFO ome.services.util.ServiceHandler - Args: [root, ********] 1637 [ main] INFO ome.tools.hibernate.EventHandler - Auth: user=6,group=1,event=146(EventType:Id_1)
API designers need to be careful to add the @Hidden annotation to any parameter that should not be printed in logs.
comment:3 Changed 18 years ago by jmoore
- Description modified (diff)
comment:4 Changed 18 years ago by jmoore
r963 fixes a nasty bug in the password hiding logic. The user's password argument was being replaced by "" rather than just having it print "". I.e. after calling changePassword or changeUserPassword, everyone had the same password. Fixed.
comment:5 Changed 18 years ago by jmoore
r964 fixes the ensuing NPE.
Why was this "minor" again? Will do during security clean up (#328)