Bug 48305 - mod_jk - JK Status Manager page Dump shows my secret
Summary: mod_jk - JK Status Manager page Dump shows my secret
Status: RESOLVED FIXED
Alias: None
Product: Tomcat Connectors
Classification: Unclassified
Component: mod_jk (show other bugs)
Version: 1.2.28
Hardware: All All
: P2 regression (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-30 13:41 UTC by Fred K
Modified: 2010-02-23 02:55 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Fred K 2009-11-30 13:41:15 UTC 
Hi,

I setup the JK Status for mod_jk 1.2.28 and the "Dump" link shows all the properties and *disturbingly* :) also
    worker.template.secret=my-secret-word

We spoke about this once before when the link "Property" showed all the properties and "secret". This was fixed maybe circa 1.2.25 .  I would kindly suggest that the same exclusion be applied to Dump....or introduce another property:
    worker.jkstatus.dump=false

Many Thanks - Fred
Comment 1 Mladen Turk 2009-12-21 04:40:08 UTC 
Fixed in the SVN. Any property ending with .secret will not be shown in dump
Comment 2 Rainer Jung 2010-02-23 02:55:27 UTC 
Will be part of 1.2.29.