27 lines
1.8 KiB
Diff
27 lines
1.8 KiB
Diff
From 8b63e258502f9f55b33b2e0b02a2e24cf5d2f1c1 Mon Sep 17 00:00:00 2001
|
|
From: Paramvir Jindal <pjindal@pjindal.pnq.csb>
|
|
Date: Fri, 11 Oct 2019 11:51:22 +0530
|
|
Subject: [PATCH] UNDERTOW-1576: BASIC auth password is output as plain text at
|
|
DEBUG level logging in BasicAuthenticationMechanism
|
|
|
|
---
|
|
.../undertow/security/impl/BasicAuthenticationMechanism.java | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/core/src/main/java/io/undertow/security/impl/BasicAuthenticationMechanism.java b/core/src/main/java/io/undertow/security/impl/BasicAuthenticationMechanism.java
|
|
index 7042e8ff66..94e786427e 100644
|
|
--- a/core/src/main/java/io/undertow/security/impl/BasicAuthenticationMechanism.java
|
|
+++ b/core/src/main/java/io/undertow/security/impl/BasicAuthenticationMechanism.java
|
|
@@ -151,9 +151,9 @@ public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange,
|
|
}
|
|
|
|
plainChallenge = new String(decode.array(), decode.arrayOffset(), decode.limit(), charset);
|
|
- UndertowLogger.SECURITY_LOGGER.debugf("Found basic auth header %s (decoded using charset %s) in %s", plainChallenge, charset, exchange);
|
|
+ UndertowLogger.SECURITY_LOGGER.debugf("Found basic auth header (decoded using charset %s) in %s", charset, exchange);
|
|
} catch (IOException e) {
|
|
- UndertowLogger.SECURITY_LOGGER.debugf(e, "Failed to decode basic auth header %s in %s", base64Challenge, exchange);
|
|
+ UndertowLogger.SECURITY_LOGGER.debugf(e, "Failed to decode basic auth header in %s", exchange);
|
|
}
|
|
int colonPos;
|
|
if (plainChallenge != null && (colonPos = plainChallenge.indexOf(COLON)) > -1) {
|