| Summary: | mod_jk - JK Status Manager page Dump shows my secret | ||
|---|---|---|---|
| Product: | Tomcat Connectors | Reporter: | Fred K <fredk2> |
| Component: | mod_jk | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | ||
| Severity: | regression | ||
| Priority: | P2 | ||
| Version: | 1.2.28 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
Fixed in the SVN. Any property ending with .secret will not be shown in dump Will be part of 1.2.29. |
Hi, I setup the JK Status for mod_jk 1.2.28 and the "Dump" link shows all the properties and *disturbingly* :) also worker.template.secret=my-secret-word We spoke about this once before when the link "Property" showed all the properties and "secret". This was fixed maybe circa 1.2.25 . I would kindly suggest that the same exclusion be applied to Dump....or introduce another property: worker.jkstatus.dump=false Many Thanks - Fred