Hi All,
I wonder if any of you guys have ever experienced such a problem and have any workaround for it.
In certain situations, the class NamingHelper will write credential information to the log.
To be more specific, in the method getInitialContext() of the class org.hibernate.util.NamingHelper, there are the following 2 lines:
Hashtable hash = getJndiProperties(props);
log.info("JNDI InitialContext properties:" + hash);
This will result in the clear text of the credential information under the conditions that the credential properties are set and the log level is lower than INFO.
In our case, we have to set the "hibernate.jndi.java.naming.security.principal" and "hibernate.jndi.java.naming.security.credentials" properties in order to register the SessionFactory to the JNDI tree on WebSphere if WebSphere is security-enabled (another thread, viewtopic.php?f=1&t=931740&start=0, gives some description of this situation as well).
And as a result, this confidential information got printed out in the log. Any ideas to resolve it?
Thanks in advance.
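
One way to avoid the leak, as an added example that is not part of the original post and not Hibernate's own code: log a redacted copy of the JNDI properties instead of the raw Hashtable. `JndiLogRedactor`, `redact` and the sample values are hypothetical, and the sketch assumes the Hashtable carries the standard `java.naming.security.*` keys.

```java
import java.util.Hashtable;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.naming.Context;

// Added example: hypothetical helper, not part of Hibernate.
public class JndiLogRedactor {

    private static final String MASK = "****";

    // Standard JNDI keys whose values must never reach a log.
    // Context.SECURITY_CREDENTIALS is "java.naming.security.credentials";
    // the principal is masked too because the post treats it as confidential.
    private static final Set<String> SENSITIVE_KEYS = Set.of(
            Context.SECURITY_CREDENTIALS,
            Context.SECURITY_PRINCIPAL);

    // Fallback for vendor-specific keys that do not use the standard names.
    private static boolean looksSensitive(String key) {
        String k = key.toLowerCase(Locale.ROOT);
        return k.contains("password") || k.contains("credential") || k.contains("secret");
    }

    /** Returns a sorted copy that is safe to log; the input is not modified. */
    public static Map<String, String> redact(Hashtable<?, ?> jndiProps) {
        Map<String, String> safe = new TreeMap<>();
        for (Map.Entry<?, ?> e : jndiProps.entrySet()) {
            String key = String.valueOf(e.getKey());
            boolean hide = SENSITIVE_KEYS.contains(key) || looksSensitive(key);
            safe.put(key, hide ? MASK : String.valueOf(e.getValue()));
        }
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample values, standing in for getJndiProperties(props).
        Hashtable<String, Object> hash = new Hashtable<>();
        hash.put(Context.INITIAL_CONTEXT_FACTORY, "com.example.SampleContextFactory");
        hash.put(Context.PROVIDER_URL, "iiop://localhost:2809");
        hash.put(Context.SECURITY_PRINCIPAL, "appuser");
        hash.put(Context.SECURITY_CREDENTIALS, "s3cret-constructed");
        // Same message as the original log line, but built from the redacted copy.
        System.out.println("JNDI InitialContext properties:" + redact(hash));
    }
}
```

Where the library code cannot be changed, raising the threshold of the `org.hibernate.util.NamingHelper` logger above INFO in the logging configuration suppresses the line entirely, assuming the logger is named after the class.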