From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password

---
 pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java b/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
index 4b85a47..d3f1874 100644
--- a/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
+++ b/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
@@ -22,8 +22,8 @@
 
     public OtpResponseDTO sendByPhone(String phone) {
         OtpWeb otpWS = getOtpWebService();
-        log.debug("call OtpService sendOtpBySMS, url = {}, systemType = {}, service password = {}, phone = {}",
-            applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), phone);
+//        log.debug("call OtpService sendOtpBySMS, url = {}, systemType = {}, service password = {}, phone = {}",
+//            applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), phone);
 
         StringArray result =
             otpWS.sendOtpBySMS(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), phone);
@@ -44,8 +44,8 @@
 
     public OtpResponseDTO verifyOTP(String indexKey, String otpCode) {
         OtpWeb otpWS = getOtpWebService();
-        log.debug("call OtpService verifyOTP, url = {}, systemType = {}, service password = {}, indexKey = {}, otpCode = {}",
-            applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), indexKey, otpCode);
+//        log.debug("call OtpService verifyOTP, url = {}, systemType = {}, service password = {}, indexKey = {}, otpCode = {}",
+//            applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), indexKey, otpCode);
 
         StringArray result =
             otpWS.verifyOtp(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), indexKey, otpCode);

--
Gitblit v1.8.0