Connection problems and strange stuff in log
I'm seeing strange behavior when I try to connect to a Tigase instance installed from tigase-server-5.1.0-beta4-b2836.jar. My connection attempts fails, and the log seems to show some corruption in the stream, e.g.:
<iq type='set' id='auth'><query xmlns='jabber:iq:auth'>
The Tigase log shows
2012-02-13 19:05:50 ClientConnectionManager.processSocketData()
FINEST: Processing socket data: from=null, to=null, DATA=
<iq id="auth" type="set"><query xmlns="jabber:iq:auth">
<username>CData size: 19</username>
<resource>CData size: 5</resource>
<password>CData size: 8</password>
SIZE=163, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE,
TYPE=set from connection:
Note the "CData size: 8", for example, instead of the expected "password". After this point all subsequent logs related to this client have the same problem.
This does not happen if I try a different client with the same request, but coming from another machine. It also doesn't happen with the same client that has the problem when pointing to a different Tigase server running from source (trunk rev. 2847).
Anyone have any ideas what might be happening? Thanks!
This is all "by design" and correct. What more, this should happen regardless what client you use, etc....
The thing is that I wanted to be able to print logs in such a way to protect users' privacy. So only information that are critical to debugging are exposed and users' personal data like passwords, or message content is hidden. Instead the Tigase prints how much character data (CDATA) was in this place.
I think this is a critical thing for public or any production installation. You want your logs to be able troubleshoot problems, and users do not want you to look at their chats, passwords are much less of a problem, since you as an admin have access to the DB with passwords anyway.
That said, I have to admit, this protection has not been implemented in all places in the Tigase code, hence you can sometimes see the message content if it is printed by some components, but most of the time it should be replaced with 'CData size: NNN'.
There is a way to switch it off though. Printing the whole packet content with all character data (passwords, message content, etc..) can be very useful during development time or debugging a new installation at setting things up time.
It is as simple as adding line to your
or as JVM property:
There is also a way to change it at runtime.
Thanks, good to know!