From 283666b03891aaaf397ec560f86ca1c62fd1576c Mon Sep 17 00:00:00 2001 From: Devdeep Singh Date: Tue, 19 Aug 2014 14:03:12 +0530 Subject: [PATCH] Password is logged in api server logs while creating a storage pool and while adding an image store of type SMB. Cleaning the message before logging. --- server/src/com/cloud/api/ApiServlet.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java index 454fc8b1ddd..c7d06093a1a 100644 --- a/server/src/com/cloud/api/ApiServlet.java +++ b/server/src/com/cloud/api/ApiServlet.java @@ -208,7 +208,7 @@ public class ApiServlet extends HttpServlet { } } - auditTrailSb.append(req.getQueryString()); + auditTrailSb.append(StringUtils.cleanString(req.getQueryString())); final boolean isNew = ((session == null) ? true : session.isNew()); // Initialize an empty context and we will update it after we have verified the request below,