Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/11/17 14:17:00 UTC

[jira] [Resolved] (NIFI-3713) Examine logs to ensure that data is not leaked to logs when the corresponding repository is encrypted

     [ https://issues.apache.org/jira/browse/NIFI-3713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann resolved NIFI-3713.
------------------------------------
    Fix Version/s: 1.15.0
       Resolution: Fixed

Recent updates to the encrypted repository implementations did not show signs of logging protected information. Individual processors may log attributes, and supporting libraries may incorporate debug or trace logging that could write sensitive information. For the default NiFi configuration, however, the encrypted repository implementations should not log sensitive information.

> Examine logs to ensure that data is not leaked to logs when the corresponding repository is encrypted
> -----------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-3713
>                 URL: https://issues.apache.org/jira/browse/NIFI-3713
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Core Framework
>            Reporter: Andy LoPresto
>            Assignee: David Handermann
>            Priority: Major
>              Labels: data-leak, logging, security
>             Fix For: 1.15.0
>
>
> I have noticed some of the logging statements (see {{LuceneEventIndex}}, etc.) print the flowfile attributes or provenance event record contents. I corrected some of these but the data can be useful for tracing and diagnostics if it is not sensitive. It is difficult to determine if the repository is encrypted without changing the method signatures and passing additional information. This will need an exhaustive audit to ensure no data leakage is occurring. 


