>From 99c09cf2321f36eb81043aed2fa6834811ee762b Mon Sep 17 00:00:00 2001
From: Robin Rosenberg <robin.rosenberg@xxxxxxxxxx>
Date: Thu, 10 Jul 2008 22:16:19 +0200
Subject: [PATCH] Avoid password leak from URIIsh
The toString() method is commonly used for dumping information. We
never ever want to use toString when the password is needed. By masking
out the password we avoid unintentional password leaks.
Signed-off-by: Robin Rosenberg <robin.rosenberg@xxxxxxxxxx>
---
.../src/org/spearce/jgit/transport/URIish.java | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/org.spearce.jgit/src/org/spearce/jgit/transport/URIish.java b/org.spearce.jgit/src/org/spearce/jgit/transport/URIish.java
index e022e57..632c8ad 100644
--- a/org.spearce.jgit/src/org/spearce/jgit/transport/URIish.java
+++ b/org.spearce.jgit/src/org/spearce/jgit/transport/URIish.java
@@ -318,7 +318,7 @@ public class URIish {
r.append(getUser());
if (getPass() != null) {
r.append(':');
- r.append(getPass());
+ r.append("PASSWORD");
}
}
--
1.5.6.2.220.g44701
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
