author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-02-12 18:35:32 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-02-12 18:35:32 +0000 |
commit | 7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec (patch) | |
tree | 5dafd62821ed01a6d5540b5b9b02f3f19677f7a7 /pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java | |
parent | 7315a95377ee364d8f14c68ef4a469fc7dae743d (diff) | |
Bugzilla Bug #467155 - Change "renameTo" to "cp -p ".
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@225 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 72c441b5b..1f1daec25 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -403,13 +403,29 @@ public abstract class CMSServlet extends HttpServlet {
 Enumeration paramNames = httpReq.getParameterNames();
 while (paramNames.hasMoreElements()) {
 String pn = (String)paramNames.nextElement();
- // added this facility so that password can be hided,
+ // added this facility so that password can be hidden,
 // all sensitive parameters should be prefixed with
- // __ (double underscores)
- if (pn.startsWith("__")) {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'" );
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
 } else {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
 }
 }
 }
|
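Review bot: The three `pn.endsWith(...)` checks in the new condition are case-sensitive, and the `equalsIgnoreCase` entries match only exact names. A mixed-case name that is not on the exact list (constructed examples: `newPassword`, `userPwd`) therefore still falls into the `else` branch and has its value written to the debug log. Lower-casing once would close that gap and make most of the exact-name entries redundant: `String lpn = pn.toLowerCase(Locale.ROOT);` followed by `if (pn.startsWith("__") || lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd") || lpn.equals("pin") || lpn.equals("pwdagain") || lpn.equals("admin_password_again")) {`. `Locale.ROOT` keeps the `pin` match stable under locales with special casing rules, and it needs `java.util.Locale` imported if the file does not already do so (the imports and the start of the enclosing method are outside this hunk). Even then a name deny-list is best-effort, so it is worth considering whether this debug line should log parameter names only and omit values unless the name is on an explicit allow-list.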