From 7535ebacc69a7b39993992c62cfc3456cdbe1d45 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 27 Sep 2013 08:02:33 -0400
Subject: [PATCH] Do not log passwords on failed authentication attempts (issue-316)
---
src/main/java/com/gitblit/GitBlit.java | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java
index 2cebe82..c31a0e9 100644
--- a/src/main/java/com/gitblit/GitBlit.java
+++ b/src/main/java/com/gitblit/GitBlit.java
@@ -947,8 +947,8 @@
user.username, httpRequest.getRemoteAddr()));
return user;
} else {
- logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials ({1}) from {2}",
- username, credentials, httpRequest.getRemoteAddr()));
+ logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials from {1}",
+ username, httpRequest.getRemoteAddr()));
}
}
}
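Review bot: The failed-login warning still writes `username` into the log line unmodified, and if that value comes straight from the request (its assignment is outside this hunk) a CR or LF in it can split the entry and make the log appear to contain other events. Neutralising line breaks before formatting would close that, e.g. passing `username.replaceAll("[\\r\\n]", "_")` as the first argument. A password typed into the username field by mistake will also still land in this message, and entries written with the old format stay in existing log files until those are rotated or purged. The enclosing method starts and ends outside the hunk.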
--
Gitblit v1.9.1