From 7535ebacc69a7b39993992c62cfc3456cdbe1d45 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 27 Sep 2013 08:02:33 -0400
Subject: Do not log passwords on failed authentication attempts (issue-316)

---
 src/main/java/com/gitblit/GitBlit.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java
index 2cebe82b..c31a0e97 100644
--- a/src/main/java/com/gitblit/GitBlit.java
+++ b/src/main/java/com/gitblit/GitBlit.java
@@ -947,8 +947,8 @@ public class GitBlit implements ServletContextListener {
 							user.username, httpRequest.getRemoteAddr()));
 					return user;
 				} else {
-					logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials ({1}) from {2}", 
-							username, credentials, httpRequest.getRemoteAddr()));
+					logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials from {1}", 
+							username, httpRequest.getRemoteAddr()));
 				}
 			}
 		}
-- 
cgit v1.2.3