cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password visible in the default trace file

former_member214651
Active Contributor

on ‎12-14-2009 12:32 PM

0 Kudos

Hi All,

I have problem in one of my application. When i see the default trace on my server, i can see the username and the password of the person who has the access to th application on the portal which is not required. I tried setting the severity level of the application to "Error" in NWA. but still i am unable to prevent the password being printed in the trace file.

Please let me know what needs to be done for stopping this.

Regards,

poojith MV

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

siarhei_pisarenka3
Active Contributor
‎12-14-2009 1:17 PM
0 Kudos

Hi poojith MV

In general this is one of security requirements for a development: do not print any passwords in the logs. If you are the application developer for the application then you are responsible for such things.

Attribute Location of the message in the log will help you to understand Java class who prints the message.

If you cannot change the application logic then try to increase the Severity up to ERROR or even set to None for the application root Location.

BR, Siarhei

Show replies
Show replies
former_member214651
Active Contributor
‎12-15-2009 3:28 AM
0 Kudos

Hi,

Thanks for the reply. As I have already mentioned in my post earlier, setting the severity level of the application in NWA to "Error" is also not stopping the password being written in the trace file.

In the coding part I have used the SAP logging API for using the logs and traces. Only the error statements are being written.

Are there any settings to be made on the CE server to disable these settings?

Regards,

Poojith MV

Ask a Question