You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Victor Chen (JIRA)" <ji...@apache.org> on 2015/06/30 00:51:05 UTC

[jira] [Created] (CASSANDRA-9682) setting log4j.logger.org.apache.cassandra=DEBUG causes keyspace username/password to show up in system.log

Victor Chen created CASSANDRA-9682:
--------------------------------------

             Summary: setting log4j.logger.org.apache.cassandra=DEBUG causes keyspace username/password to show up in system.log
                 Key: CASSANDRA-9682
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9682
             Project: Cassandra
          Issue Type: Improvement
         Environment: running on linux
            Reporter: Victor Chen


if using a third party log aggregator (which many cloud users use), this causes db credentials to be reproduced offsite, which has potential to be security issue.

example system.log entry:
{noformat}
DEBUG [Native-Transport-Requests:373] 2015-06-21 07:52:44,595 Message.java (line 326) Responding: AUTHENTICATE org.apache.cassandra.auth.PasswordAuthenticator, v=1
DEBUG [Native-Transport-Requests:384] 2015-06-21 07:52:44,597 Message.java (line 319) Received: CREDENTIALS {username=redacted, password=redacted}, v=1
{noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)