Uploaded image for project: 'ZZZ: PUBLIC - Old Liferay Portal (Use Liferay Portal Standard Edition)'
  1. ZZZ: PUBLIC - Old Liferay Portal (Use Liferay Portal Standard Edition)
  2. LEP-5882

Logs contain failed ldap login attempts which include password

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 4.4.2, 5.0.1, 5.1.0
    • Fix Version/s: 5.1.1
    • Component/s: None
    • Labels:
      None

      Description

      When attempting to login to Liferay with LDAP enabled, error logs contain failed login attempts (username and password).

      According to "http://support.liferay.com/browse/TEPC-8", this can be turned off:
      \portal\tunnel-web\docroot\WEB-INF\classes\log4j.xml

      A better solution would be to move this detailed level of logging only when the logs are supposed to include "debug" statements.

      FIX: instead of dumping out the failed login attempt information at the "error" level, we should dump out that information at the "debug" level.

      Scott

        Attachments

          Activity

            People

            Assignee:
            raymond.auge Raymond Auge
            Reporter:
            scott.lee Scott Lee
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                5.1.1