HSAdmin Backend Domains, E-Mail, Datenbanken
Peter Hormanns
2018-03-07 240c391abdab2e5421d1d0ea4899606873c1f213
hide passwords in logs
2 files modified
11 ■■■■ changed files
hsarback/src/de/hsadmin/core/qserv/CommandShell.java 7 ●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/core/util/TextUtil.java 4 ●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/core/qserv/CommandShell.java
@@ -9,6 +9,8 @@
import java.util.logging.Level;
import java.util.logging.Logger;
import de.hsadmin.core.util.TextUtil;
public class CommandShell {
    
    private static final Logger logger = Logger.getLogger("de.hsadmin.core.qserv");
@@ -28,7 +30,10 @@
                if (logCommand != null && (logCommand.startsWith("newusers") || logCommand.startsWith("chpasswd"))) {
                    // escape new password !
                    final String[] strings = stdInput.split("\\:", 3);
                    logCommand += "<<EOF\n" + strings[0] + ":***:";
                    logCommand += "<<EOF\n" + strings[0];
                    if (strings.length > 1) {
                        logCommand += ":" + TextUtil.hidePassword(strings[1]) + ":";
                    }
                    if (strings.length > 2) {
                        logCommand += strings[2] + "EOF";
                    }
hsarback/src/de/hsadmin/core/util/TextUtil.java
@@ -77,8 +77,8 @@
    }
    
    public static synchronized String hidePassword(String passwd) {
        StringBuffer val = new StringBuffer(passwd.substring(0, 2));
        for (int i = 2; i < passwd.length(); i++) {
        final StringBuffer val = new StringBuffer(passwd.substring(0, 2));
        for (int i = 2; i < 6; i++) {
            val.append('*');
        }
        return val.toString();