john.gartner Posted October 8, 2014 Posted October 8, 2014 I have Jasper Server Version 5 deployed under JBoss. Every time a user logs in, in the /logs/jboss/admin/server.log file, I see a WARN message, which includes the User's password in clear text. This is a security issue, and I am looking for a way to either not show the WARN (IE, fix the issue that's causing it), or, not display the password when the WARN gets generated. Everything is working fine, so just getting the password to not to display is fine.The Warning is such: <snip>WARN [intrusionDetector] [sECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionDetector] Invalid input: context-DEFAULT, type(Script) = <snip> input=<Password is displayed here in clear text>It is followed by a ValidationException. (Note: Log is on a secure server, so I can't cut/paste the full text, but here's a snippet)ValidationException: DEFAULT: Invalid Input. Please conform to regex <snip> at ...StringValidationRule.checkWhitelist(StringValidationRule.java:144)If anyone could give me a hint at what to look at, I'd appreciate it,Thx in Advance,John
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now