APAR status
Closed as program error.
Error description
When tracing is enabled and form login is used, the j_password
value is passed to j_security_check and is displayed in clear
text in the trace.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users *
****************************************************************
* PROBLEM DESCRIPTION: If customer enables trace, j_password *
* is passed to j_security_check and *
* displayed in clear txt in log *
****************************************************************
* RECOMMENDATION: *
****************************************************************
WebSphere Application Server does not properly handle
j_password value in log
Problem conclusion
When trace is enabled, Application Server will now put
j_password as "***" in log
Temporary fix
fix is checked in.Will be in next service pack
Comments
APAR information |
APAR number |
PQ86897 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2004-03-30 |
Closed date |
2004-05-06 |
Last modified date |
2004-05-06 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|