Connection problems and strange stuff in log

3 replies [Last post]
Tue, 2012-02-14 04:01
Anonymous

Hi:

I'm seeing strange behavior when I try to connect to a Tigase instance installed from tigase-server-5.1.0-beta4-b2836.jar. My connection attempts fails, and the log seems to show some corruption in the stream, e.g.:

After sending

<iq type='set' id='auth'><query xmlns='jabber:iq:auth'>
<username>gw-001db7000002bc39</username>
<resource>Smack</resource>
<password>password</password>
</query></iq>

The Tigase log shows

2012-02-13 19:05:50  ClientConnectionManager.processSocketData()
FINEST: Processing socket data: from=null, to=null, DATA=
<iq id="auth" type="set"><query xmlns="jabber:iq:auth">
<username>CData size: 19</username>
<resource>CData size: 5</resource>
<password>CData size: 8</password>
</query></iq>,
SIZE=163, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE,
TYPE=set from connection:
192.168.216.101_5222_192.168.219.134_56174

Note the "CData size: 8", for example, instead of the expected "password". After this point all subsequent logs related to this client have the same problem.

This does not happen if I try a different client with the same request, but coming from another machine. It also doesn't happen with the same client that has the problem when pointing to a different Tigase server running from source (trunk rev. 2847).

Anyone have any ideas what might be happening? Thanks!

Top
Tue, 2012-02-14 06:00
#1
kobit's picture
Artur Hefczyc
Offline
Joined: 2006-09-03
Points: 267814

This is all "by design" and correct. What more, this should happen regardless what client you use, etc....
The thing is that I wanted to be able to print logs in such a way to protect users' privacy. So only information that are critical to debugging are exposed and users' personal data like passwords, or message content is hidden. Instead the Tigase prints how much character data (CDATA) was in this place.

I think this is a critical thing for public or any production installation. You want your logs to be able troubleshoot problems, and users do not want you to look at their chats, passwords are much less of a problem, since you as an admin have access to the DB with passwords anyway.

That said, I have to admit, this protection has not been implemented in all places in the Tigase code, hence you can sometimes see the message content if it is printed by some components, but most of the time it should be replaced with 'CData size: NNN'.

There is a way to switch it off though. Printing the whole packet content with all character data (passwords, message content, etc..) can be very useful during development time or debugging a new installation at setting things up time.

It is as simple as adding line to your init.properties file:

--packet.debug.full=true

or as JVM property:

-Dpacket.debug.full=true

There is also a way to change it at runtime.

Top
Tue, 2012-02-14 21:30
#2
Hector Urroz (not verified)

Thanks, good to know!

Top
Tue, 2012-02-14 21:31
#3
Hector Urroz (not verified)

Thanks!

Top

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Post new comment

The content of this field is kept private and will not be shown publicly.