Jasperserver server Tomcat Logs are showing user passwords

Posted on August 7, 2018 at 5:15pm

Hi All,

When a user pushes report from Jasperstudio to Jasperserver we will able to see the password of the user who pushes the report into server in Tomcat Logs.Is there any way we can encrypt the password in Jaspersoft studio?

 

 

iReport Designer
Jaspersoft Java REST Client
jasperrocks's picture
jasperrocks
495
Joined: Mar 3 2016 - 4:50pm
Last seen: 4 years 11 months ago

2 Answers:

Posted on August 8, 2018 at 4:18pm

This case has already been logged by us to TIBCO support.

The only suggestion they provided us was to modify the logging formats. Filtering the access log.

Remove %s from the following in server.xml under the tomcat directory

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" startStopThreads="-1"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b"></Valve> </Host>

Once this is done, instead of logging the clear text password, it will log some id into the logs.

reportdev's picture
reportdev
12912
Joined: Oct 12 2015 - 12:05pm
Last seen: 1 year 3 months ago
Posted on August 9, 2018 at 3:16pm

Thanks reportdev for response

jasperrocks's picture
jasperrocks
495
Joined: Mar 3 2016 - 4:50pm
Last seen: 4 years 11 months ago
Feedback
randomness