9 Replies Latest reply: Apr 3, 2012 7:04 AM by Rahul Singh RSS

    Passwords are getting logged in log file through datasource configuration when jboss logging is in debug level

    Rahul Singh Newbie

      The passwords are getting logged in debug level For example we can see the below entries in logs
      2012-03-08 12:21:28,108 DEBUG [org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment] [ main] setting property: XADataSourceProperties to value URL=jdbc:sqlserver://xxxxx:1433;databaseName=TestDatabase;responseBuffering=full;SelectMethod=cursor;
      User=sa
      Password=root

      After using datasource fragment in *.ds.xml

               <xa-datasource-property name="User">${username}</xa-datasource-property>
      <xa-datasource-property name="Password">${password}</xa-datasource-property>

      Also tried using

      <user-name>${username}</user-name>
      <password>${password}</password>

      Password is coming in plain text through debug logging.