hide passwords in logs

hsarback/src/de/hsadmin/core/qserv/CommandShell.java

@@ -9,6 +9,8 @@ import java.io.PrintWriter;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import de.hsadmin.core.util.TextUtil;
+
 public class CommandShell {
 	
 	private static final Logger logger = Logger.getLogger("de.hsadmin.core.qserv");
@@ -28,7 +30,10 @@ public class CommandShell {
 				if (logCommand != null && (logCommand.startsWith("newusers") || logCommand.startsWith("chpasswd"))) {
 					// escape new password !
 					final String[] strings = stdInput.split("\\:", 3);
-					logCommand += "<<EOF\n" + strings[0] + ":***:";
+					logCommand += "<<EOF\n" + strings[0];
+					if (strings.length > 1) {
+						logCommand += ":" + TextUtil.hidePassword(strings[1]) + ":";
+					}
 					if (strings.length > 2) {
 						logCommand += strings[2] + "EOF";
 					}

hsarback/src/de/hsadmin/core/util/TextUtil.java

@@ -77,8 +77,8 @@ public class TextUtil {
 	}
 	
 	public static synchronized String hidePassword(String passwd) {
-		StringBuffer val = new StringBuffer(passwd.substring(0, 2));
+		final StringBuffer val = new StringBuffer(passwd.substring(0, 2));
-		for (int i = 2; i < passwd.length(); i++) {
+		for (int i = 2; i < 6; i++) {
 			val.append('*');
 		}
 		return val.toString();