https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
--- Comment #5 from Markus <markus.tolksd...@sap.com> --- Hi, @Remy: didn't know that it is considered rude to re-open a bug, if I'm not satisfied with the solution. But if it is like that I continue to discuss without re-opening. Please excuse my wrong behavior. I'm not saying that you need to recognize arbitrary parameters that might contain sensitive data. But IMHO the ones that are well-known to tomcat should be masked. Yes, it's only when turning on trace at a higher level, but this is still a bad thing. Assume that not only the affected person is reading the logs - this means that a second one would immediately see that password, even without bad intentions this is not a good thing. Please consider revising your decision Best regards, Markus -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
