000025542 - In Debug mode the DB and master passwords are logged

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000025542
Applies To: RSA Key Manager Server 2.0.1
Windows 2003 Server SP1
Issue: To protect sensitive passwords in the RKM Server log files
The Database and master passwords are logged in cleartext.
Cause: When Tomcat is configured with Log4j logging set at the Debug level, it logs a lot of data, including the DB and master passwords in cleartext. Since this logging is done below the level of RKM, it is not possible to prevent the passwords from being logged.
Resolution: Use Debug level logging with care. It should only be used in a test environment, and the logs need to be protected so that any sensitive data is not compromised. Using Debug level logging in a production environment is not recommended.
Notes: See the solution titled "How to enable debug in Key Manager Server?" for how to set the logging level. Other levels that don't include as much information are: ERROR, FATAL, INFO, and WARN.
Legacy Article ID: a35347
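
An added example, not part of the original article or RSA's code: a Python check that reads a Log4j configuration and lists every logger set to DEBUG or a more verbose level, so the setting can be caught before it reaches production. It assumes a Log4j 1.x properties-style file with `=` separators; the logger names and sample content are constructed for illustration.

```python
import re

# Levels at least as verbose as DEBUG in Log4j 1.x.
VERBOSE_LEVELS = {"DEBUG", "TRACE", "ALL"}
# Root logger and named logger keys (including the older "category" spelling).
LOGGER_KEY = re.compile(r"^log4j\.(rootLogger|rootCategory|(?:logger|category)\.(?P<name>.+))$")

# Constructed sample configuration, not taken from an RKM installation.
SAMPLE = """\
log4j.rootLogger=INFO, FILE
log4j.logger.org.apache.catalina=debug, FILE
log4j.logger.com.example.app = WARN
#log4j.logger.com.example.db=DEBUG
log4j.logger.com.example.jdbc=TRACE, \\
    FILE
log4j.appender.FILE=org.apache.log4j.RollingFileAppender
"""

def logical_lines(text):
    """Yield stripped lines, merging any line that ends in a backslash with the next."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        yield line
    if pending:
        yield pending

def find_verbose_loggers(properties_text):
    """Return [(logger_name, level)] for loggers set to DEBUG or more verbose."""
    findings = []
    for line in logical_lines(properties_text):
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        key, sep, value = line.partition("=")
        m = LOGGER_KEY.match(key.strip()) if sep else None
        if not m:
            continue
        # The value is "LEVEL, appender1, ..."; Log4j 1.x level names are case-insensitive.
        level = value.split(",")[0].strip().upper()
        if level in VERBOSE_LEVELS:
            findings.append((m.group("name") or "root", level))
    return findings

if __name__ == "__main__":
    print(find_verbose_loggers(SAMPLE))
```

An empty result means no logger in the file is at DEBUG or below; any entry returned is a logger whose output should be treated as potentially containing the passwords described above.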