|Applies To||RSA Key Manager Server 2.0.1|
Windows 2003 Server SP1
|Issue||To protect sensitive passwords in the RKM Server log files|
The Database and master passwords are logged in cleartext.
|Cause||When Tomcat is configured with Log4j logging set at the Debug level, it logs a large amount of data, including the DB and master passwords in cleartext. Since this logging is done below the level of RKM, it is not possible to prevent the passwords from being logged.|
|Resolution||Use Debug level logging with care. It should only be used in a test environment, and the logs need to be protected so that any sensitive data is not compromised. Using Debug level logging in a production environment is not recommended.|
|Notes||See solution titled "How to enable debug in Key Manager Server?" to see how to set the logging level. Other levels that don't include as much information are: ERROR, FATAL, INFO, and WARN.|
|Legacy Article ID||a35347|
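
One way to check a server against the Resolution above before it goes into production is to audit its Log4j configuration for loggers set at Debug or a more verbose level. The script below is an added example, not RSA's or the article's own code. It assumes a Log4j 1.x properties-format file; the function name and the sample configuration are constructed for illustration.

```python
import re

# Log4j 1.x levels ordered from most to least verbose.
LEVELS = ["ALL", "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "OFF"]
VERBOSE = set(LEVELS[:LEVELS.index("INFO")])  # ALL, TRACE, DEBUG

# Keys that assign a level to a logger: the root logger and named
# loggers (the older "category" spelling is accepted as well).
KEY_RE = re.compile(
    r"^log4j\.(rootLogger|rootCategory|logger\.[\w.$]+|category\.[\w.$]+)$")


def find_verbose_loggers(properties_text):
    """Return (line_no, key, level) for each logger at DEBUG or more verbose."""
    findings = []
    for line_no, raw in enumerate(properties_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":       # blank line or comment
            continue
        # Assumption: "key=value" form only (":" separators are not handled).
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not KEY_RE.match(key):
            continue
        # Value is "LEVEL[, appender1, appender2...]"; the level comes first.
        level = value.split(",")[0].strip().upper()
        if level in VERBOSE:
            findings.append((line_no, key, level))
    return findings


# Constructed sample configuration (not taken from an RKM installation).
SAMPLE = """\
# production logging
log4j.rootLogger=INFO, FILE
log4j.logger.org.apache.catalina=debug, FILE
#log4j.logger.org.apache.jasper=DEBUG
log4j.appender.FILE=org.apache.log4j.RollingFileAppender
log4j.appender.FILE.Threshold=WARN
log4j.logger.com.example.db = TRACE
"""

if __name__ == "__main__":
    for line_no, key, level in find_verbose_loggers(SAMPLE):
        print(f"line {line_no}: {key} is set to {level}")
```

An empty result means no logger in the file is set below INFO. Any finding on a production server means the existing log files should be treated as containing the passwords.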