Hello,
the following code in Communication (https://github.com/Vantiv/cnp-chargeback-sdk-java/blob/2.x/src/main/java/com/cnp/sdk/Communication.java#L212) prints all headers, including the Authorization header to stdout for every request without an option to deactivate this behavior:
try {
HttpResponse response = httpClient.execute(baseRequest);
return validateResponse(response);
} catch (IOException e) {
throw new ChargebackException(CONNECTION_EXCEPTION_MESSAGE, e);
} finally {
System.out.println("Headers");
for(Header header : baseRequest.getAllHeaders()) {
System.out.println(header.getName() +" : "+header.getValue());
}
baseRequest.abort();
}In my opinion, this is both unnecessary and a potential security risk. Other debug logging uses printToConsole which is opt-in via configuration properties and masks sensitive information.
Hello,
the following code in
Communication(https://github.com/Vantiv/cnp-chargeback-sdk-java/blob/2.x/src/main/java/com/cnp/sdk/Communication.java#L212) prints all headers, including theAuthorizationheader to stdout for every request without an option to deactivate this behavior:In my opinion, this is both unnecessary and a potential security risk. Other debug logging uses
printToConsolewhich is opt-in via configuration properties and masks sensitive information.