Jasperserver server Tomcat Logs are showing user passwords

0

Hi All,

When a user pushes report from Jasperstudio to Jasperserver we will able to see the password of the user who pushes the report into server in Tomcat Logs.Is there any way we can encrypt the password in Jaspersoft studio?

 

 

jasperrocks's picture
Joined: Mar 3 2016 - 4:50pm
Last seen: 1 year 4 months ago

2 Answers:

1

This case has already been logged by us to TIBCO support.

The only suggestion they provided us was to modify the logging formats. Filtering the access log.

Remove %s from the following in server.xml under the tomcat directory

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" startStopThreads="-1"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b"></Valve> </Host>

Once this is done, instead of logging the clear text password, it will log some id into the logs.

reportdev's picture
1232
Joined: Oct 12 2015 - 12:05pm
Last seen: 3 months 3 days ago
0

Thanks reportdev for response

jasperrocks's picture
Joined: Mar 3 2016 - 4:50pm
Last seen: 1 year 4 months ago
Feedback
randomness