Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-5468

sslPEMKeyPassword Should not be visible in logs and similar

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Minor - P4 Minor - P4
    • 2.1.2
    • 2.0.4, 2.1.0
    • Logging, Security
    • None
    • SSL Enabled Build

    Description

      Currently, the sslPEMKeyPassword is visible as plain text. While this is not a direct compromise of the key, it goes against best practices for exposure of passwords in logs and non-privileged commands.

      Attachments

        Activity

          People

            matt.dannenberg Matt Dannenberg
            adam@comerford.net Adam Comerford
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: