Jump to content

Recommended Posts

Posted

I have Jasper Server Version 5 deployed under JBoss.  Every time a user logs in, in the /logs/jboss/admin/server.log file, I see a WARN message, which includes the User's password in clear text.  This is a security issue, and I am looking for a way to either not show the WARN (IE, fix the issue that's causing it), or, not display the password when the WARN gets generated.  Everything is working fine, so just getting the password to not to display is fine.

The Warning is such:  <snip>WARN [intrusionDetector] [sECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionDetector] Invalid input: context-DEFAULT, type(Script) = <snip> input=<Password is displayed here in clear text>

It is followed by a ValidationException.  (Note: Log is on a secure server, so I can't cut/paste the full text, but here's a snippet)

ValidationException: DEFAULT: Invalid Input.  Please conform to regex <snip>  at ...StringValidationRule.checkWhitelist(StringValidationRule.java:144)

If anyone could give me a hint at what to look at, I'd appreciate it,

Thx in Advance,

John

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...