Fix vulnerability in code where password is

being exposed in logs. Issue-ID: MUSIC-406 Signed-off-by: Nelson, Thomas (tn1381) <tn1381@att.com> Change-Id: I5af16bf25a967ae27875b8c42cf746c3fa857a27
author: Nelson, Thomas (tn1381) <tn1381@att.com> 2019-06-04 12:49:02 -0400
committer: Nelson, Thomas (tn1381) <tn1381@att.com> 2019-06-04 12:49:02 -0400
commit: cfafbab668d174714fefd86d70907a089f62395b (patch)
tree: 7f7bcb3ccccca051ca2a389bebcace5b9e783461 /jar/src
parent: 95ecf188d200cfe9140423986a5577c1871a2acf (diff)
2 files changed, 3 insertions, 5 deletions
diff --git a/jar/src/main/java/org/onap/music/main/CachingUtil.java b/jar/src/main/java/org/onap/music/main/CachingUtil.java
index f0dc06fc..4b293bbb 100755
--- a/jar/src/main/java/org/onap/music/main/CachingUtil.java
+++ b/jar/src/main/java/org/onap/music/main/CachingUtil.java
@@ -319,7 +319,7 @@ public class CachingUtil implements Runnable {
         Map<String, Object> resultMap = new HashMap<>();
         if (ns == null || userId == null || password == null) {
             logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
-            logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing. userId: "+userId+" :: password: "+password);
+            logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing.");
             resultMap.put("Exception",
                             "One or more required headers appName(ns), userId, password is missing. Please check.");
             return resultMap;
diff --git a/jar/src/main/java/org/onap/music/main/MusicUtil.java b/jar/src/main/java/org/onap/music/main/MusicUtil.java
index c36da9d7..686b0d04 100755
--- a/jar/src/main/java/org/onap/music/main/MusicUtil.java
+++ b/jar/src/main/java/org/onap/music/main/MusicUtil.java
@@ -569,12 +569,10 @@ public class MusicUtil {
         }
         String cassPwd = prop.getProperty("cassandra.password");
         String isEncrypted = prop.getProperty("cassandra.password.isencrypted");
-        logger.info(EELFLoggerDelegate.applicationLogger,"cassandra.password:" + cassPwd);
-        logger.info(EELFLoggerDelegate.applicationLogger,"cassandra.password.isencrypted:" + isEncrypted);
         if("true".equals(isEncrypted)) {
-            logger.info(EELFLoggerDelegate.applicationLogger,"Decrypting....");
+            logger.debug(EELFLoggerDelegate.applicationLogger,"Decrypting....");
             cassPwd = CipherUtil.decryptPKC(cassPwd);
-            logger.info(EELFLoggerDelegate.applicationLogger,"Decrypted password: "+cassPwd);
+            logger.debug(EELFLoggerDelegate.applicationLogger,"Password Decrypted");
             MusicUtil.setCassPwd(cassPwd);
         } else
             MusicUtil.setCassPwd(cassPwd);
author	Nelson, Thomas (tn1381) <tn1381@att.com>	2019-06-04 12:49:02 -0400
committer	Nelson, Thomas (tn1381) <tn1381@att.com>	2019-06-04 12:49:02 -0400
commit	cfafbab668d174714fefd86d70907a089f62395b (patch)
tree	7f7bcb3ccccca051ca2a389bebcace5b9e783461 /jar/src
parent	95ecf188d200cfe9140423986a5577c1871a2acf (diff)