Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-5468

sslPEMKeyPassword Should not be visible in logs and similar

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Minor - P4 Minor - P4
    • 2.1.2
    • Affects Version/s: 2.0.4, 2.1.0
    • Component/s: Logging, Security
    • None
    • Environment:
      SSL Enabled Build

      Currently, the sslPEMKeyPassword is visible as plain text. While this is not a direct compromise of the key, it goes against best practices for exposure of passwords in logs and non-privileged commands.

            Assignee:
            matt.dannenberg Matt Dannenberg
            Reporter:
            adam@comerford.net Adam Comerford
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: