search

mway08 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

ESAPI property file values are being logged #33

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Trail logs during server starup
2. Watch ESAPI log all property values
3.

What is the expected output? What do you see instead?

I expect the security property file values to not be logged.

What version of the product are you using? On what operating system?

All.

Please provide any additional information below.

The users is right and we are going to fix this soon.
Jeff proposes we add a flag to turn off logging display, so we can leave it
on during development. Turn this off by default.

Original issue reported on code.google.com by manico.james@gmail.com on 8 Oct 2009 at 9:24

GoogleCodeExporter commented 9 years ago 
Code that leaked this info was commented out. Please confirm fix.

Original comment by manico.james@gmail.com on 14 Oct 2009 at 12:56