diff options
author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-02-12 18:35:32 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-02-12 18:35:32 +0000 |
commit | 7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec (patch) | |
tree | 5dafd62821ed01a6d5540b5b9b02f3f19677f7a7 /pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java | |
parent | 7315a95377ee364d8f14c68ef4a469fc7dae743d (diff) | |
download | pki-7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec.tar.gz pki-7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec.tar.xz pki-7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec.zip |
Bugzilla Bug #467155 - Change "renameTo" to "cp -p ".
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@225 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index 995ca5e33..c8a2483d8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -433,21 +433,40 @@ public class ProfileSubmitServlet extends ProfileServlet { Locale locale = getLocale(request); ArgSet args = new ArgSet(); -//xxx this ought to be removed. pwds are logged -/* if (CMS.debugOn()) { - CMS.debug("Start of Input Parameters"); + CMS.debug("Start of ProfileSubmitServlet Input Parameters"); Enumeration paramNames = request.getParameterNames(); while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); - - CMS.debug("Input Parameter " + paramName + "='" + - request.getParameter(paramName) + "'"); + // added this facility so that password can be hidden, + // all sensitive parameters should be prefixed with + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if( paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='(sensitive)'"); + } else { + CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); + } } - CMS.debug("End of Input Parameters"); + CMS.debug("End of ProfileSubmitServlet Input Parameters"); } -*/ CMS.debug("ProfileSubmitServlet: start serving"); |