1 files changed, 25 insertions, 5 deletions

diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 69dc7910e..8b85cd5be 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -53,15 +53,35 @@ public class BaseServlet extends VelocityServlet {
     }
 
     public void outputHttpParameters(HttpServletRequest httpReq) {
-        CMS.debug("CMSServlet:serice() uri = " + httpReq.getRequestURI());
+        CMS.debug("BaseServlet:service() uri = " + httpReq.getRequestURI());
         Enumeration paramNames = httpReq.getParameterNames();
 
         while (paramNames.hasMoreElements()) {
             String pn = (String) paramNames.nextElement();
-
-            CMS.debug(
-                    "CMSServlet::service() param name='" + pn + "' value='"
-                    + httpReq.getParameter(pn) + "'");
+            // added this facility so that password can be hidden,
+            // all sensitive parameters should be prefixed with 
+            // __ (double underscores); however, in the event that
+            // a security parameter slips through, we perform multiple
+            // additional checks to insure that it is NOT displayed
+            if( pn.startsWith("__")                         ||
+                pn.endsWith("password")                     ||
+                pn.endsWith("passwd")                       ||
+                pn.endsWith("pwd")                          ||
+                pn.equalsIgnoreCase("admin_password_again") ||
+                pn.equalsIgnoreCase("bindpassword")         ||
+                pn.equalsIgnoreCase("bindpwd")              ||
+                pn.equalsIgnoreCase("passwd")               ||
+                pn.equalsIgnoreCase("password")             ||
+                pn.equalsIgnoreCase("pin")                  ||
+                pn.equalsIgnoreCase("pwd")                  ||
+                pn.equalsIgnoreCase("pwdagain")             ||
+                pn.equalsIgnoreCase("uPasswd") ) {
+               CMS.debug("BaseServlet::service() param name='" + pn +
+                         "' value='(sensitive)'" );
+            } else {
+               CMS.debug("BaseServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'" );
+            }
         }
     }