9 Replies Latest reply: Apr 3, 2012 7:04 AM by Rahul Singh RSS

Passwords are getting logged in log file through datasource configuration when jboss logging is in debug level

Rahul Singh Newbie

The passwords are getting logged in debug level For example we can see the below entries in logs
2012-03-08 12:21:28,108 DEBUG [org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment] [ main] setting property: XADataSourceProperties to value URL=jdbc:sqlserver://xxxxx:1433;databaseName=TestDatabase;responseBuffering=full;SelectMethod=cursor;
User=sa
Password=root

After using datasource fragment in *.ds.xml

         <xa-datasource-property name="User">${username}</xa-datasource-property>
<xa-datasource-property name="Password">${password}</xa-datasource-property>

Also tried using

<user-name>${username}</user-name>
<password>${password}</password>

Password is coming in plain text through debug logging.