Data Security Issue : Vendor property password is getting logged without masking

scalar-labs / btm

JTA Transaction Manager

Apache License 2.0

424 stars 152 forks source link

Data Security Issue : Vendor property password is getting logged without masking #93

Closed aniketvsawant closed 6 years ago

aniketvsawant commented 6 years ago

Hi Team,

Bitronix is printing sensitive password details in the console when I am trying to create a XADataSource object with the driver properties and logging level is in a debug mode. Is there a default way to mask the password in the console ?

Thanks.

lorban commented 6 years ago

Unfortunately, no. You have to disable the debug logs, at least for the category that's outputting the password.