You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by "Claus Ibsen (JIRA)" <ji...@apache.org> on 2011/09/08 16:08:08 UTC
[jira] [Created] (CAMEL-4426) mask username and passwords in
endpoint uris when logging
mask username and passwords in endpoint uris when logging
---------------------------------------------------------
Key: CAMEL-4426
URL: https://issues.apache.org/jira/browse/CAMEL-4426
Project: Camel
Issue Type: Improvement
Components: camel-core
Reporter: Claus Ibsen
Fix For: 2.9.0
We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
See nabble
http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-4426) mask username and passwords in
endpoint uris when logging
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen updated CAMEL-4426:
-------------------------------
Affects Version/s: 2.6.0
> mask username and passwords in endpoint uris when logging
> ---------------------------------------------------------
>
> Key: CAMEL-4426
> URL: https://issues.apache.org/jira/browse/CAMEL-4426
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.6.0
> Reporter: Claus Ibsen
> Fix For: 2.9.0
>
>
> We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
> See nabble
> http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CAMEL-4426) mask username and passwords in
endpoint uris when logging
Posted by "Claus Ibsen (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen resolved CAMEL-4426.
--------------------------------
Resolution: Fixed
Fix Version/s: (was: 2.10)
2.9.0
Assignee: Claus Ibsen
Yeah lets keep it as is, password is masked.
If people want to talk about masking usernames as well, then lets do it on @dev and have more community involvement.
> mask username and passwords in endpoint uris when logging
> ---------------------------------------------------------
>
> Key: CAMEL-4426
> URL: https://issues.apache.org/jira/browse/CAMEL-4426
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.6.0
> Reporter: Claus Ibsen
> Assignee: Claus Ibsen
> Fix For: 2.9.0
>
>
> We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
> See nabble
> http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-4426) mask username and passwords in
endpoint uris when logging
Posted by "David J. M. Karlsen (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13145337#comment-13145337 ]
David J. M. Karlsen commented on CAMEL-4426:
--------------------------------------------
I think only the password is sensitive. Being able to see the username is handy for debugging purposes.
Quite often this problem is solved this way (only masking password).
> mask username and passwords in endpoint uris when logging
> ---------------------------------------------------------
>
> Key: CAMEL-4426
> URL: https://issues.apache.org/jira/browse/CAMEL-4426
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.6.0
> Reporter: Claus Ibsen
> Fix For: 2.10
>
>
> We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
> See nabble
> http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-4426) mask username and passwords in
endpoint uris when logging
Posted by "Claus Ibsen (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen updated CAMEL-4426:
-------------------------------
Fix Version/s: (was: 2.9.0)
2.10
> mask username and passwords in endpoint uris when logging
> ---------------------------------------------------------
>
> Key: CAMEL-4426
> URL: https://issues.apache.org/jira/browse/CAMEL-4426
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.6.0
> Reporter: Claus Ibsen
> Fix For: 2.10
>
>
> We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
> See nabble
> http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (CAMEL-4426) mask username and
passwords in endpoint uris when logging
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13100339#comment-13100339 ]
Claus Ibsen edited comment on CAMEL-4426 at 9/8/11 2:09 PM:
------------------------------------------------------------
A piece of the pastebin from the user report
Notice the end user have already masked the username
{code}
16:48:31,742 | WARN | v2/KD117787S7/in | eFilePollingConsumerPollStrategy | ? ? | 68 - org.apache.camel.camel-core - 2.6.0.fuse-02-05 | Consumer Consumer[ftp://**********/in?delay=10000&delete=true&doneFileName=%24%7Bfile%3Aname%7D.sem&exclusiveReadLockStrategy=%23concurrentStrategyService&maxMessagesPerPoll=1&moveFailed=.error&passiveMode=true&password=****&stepwise=false] could not poll endpoint: ftp://*********/in?delay=10000&delete=true&doneFileName=%24%7Bfile%3Aname%7D.sem&exclusiveReadLockStrategy=%23concurrentStrategyService&maxMessagesPerPoll=1&moveFailed=.error&passiveMode=true&password=*********&stepwise=false caused by: File operation failed: 227 Entering Passive Mode (195,145,31,140,152,248).
227 Entering Passive Mode (195,145,31,140,152,251).
Connection timed out. Code: 227
org.apache.camel.component.file.GenericFileOperationFailedException: File operation failed: 227 Entering Passive Mode (195,145,31,140,152,248).
227 Entering Passive Mode (195,145,31,140,152,251).
Connection timed out. Code: 227
at org.apache.camel.component.file.remote.FtpOperations.listFiles(FtpOperations.java:662)[208:org.apache.camel.camel-ftp:2.6.0.fuse-02-05]
{code}
was (Author: davsclaus):
A piece of the pastebin from the user report
16:48:31,742 | WARN | v2/KD117787S7/in | eFilePollingConsumerPollStrategy | ? ? | 68 - org.apache.camel.camel-core - 2.6.0.fuse-02-05 | Consumer Consumer[ftp://**********/in?delay=10000&delete=true&doneFileName=%24%7Bfile%3Aname%7D.sem&exclusiveReadLockStrategy=%23concurrentStrategyService&maxMessagesPerPoll=1&moveFailed=.error&passiveMode=true&password=****&stepwise=false] could not poll endpoint: ftp://*********/in?delay=10000&delete=true&doneFileName=%24%7Bfile%3Aname%7D.sem&exclusiveReadLockStrategy=%23concurrentStrategyService&maxMessagesPerPoll=1&moveFailed=.error&passiveMode=true&password=*********&stepwise=false caused by: File operation failed: 227 Entering Passive Mode (195,145,31,140,152,248).
227 Entering Passive Mode (195,145,31,140,152,251).
Connection timed out. Code: 227
org.apache.camel.component.file.GenericFileOperationFailedException: File operation failed: 227 Entering Passive Mode (195,145,31,140,152,248).
227 Entering Passive Mode (195,145,31,140,152,251).
Connection timed out. Code: 227
at org.apache.camel.component.file.remote.FtpOperations.listFiles(FtpOperations.java:662)[208:org.apache.camel.camel-ftp:2.6.0.fuse-02-05]
> mask username and passwords in endpoint uris when logging
> ---------------------------------------------------------
>
> Key: CAMEL-4426
> URL: https://issues.apache.org/jira/browse/CAMEL-4426
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.6.0
> Reporter: Claus Ibsen
> Fix For: 2.9.0
>
>
> We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
> See nabble
> http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-4426) mask username and passwords in
endpoint uris when logging
Posted by "Claus Ibsen (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13145260#comment-13145260 ]
Claus Ibsen commented on CAMEL-4426:
------------------------------------
The passwords is now masked.
I wonder if we really want to mask username as well?
> mask username and passwords in endpoint uris when logging
> ---------------------------------------------------------
>
> Key: CAMEL-4426
> URL: https://issues.apache.org/jira/browse/CAMEL-4426
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.6.0
> Reporter: Claus Ibsen
> Fix For: 2.10
>
>
> We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
> See nabble
> http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-4426) mask username and passwords in
endpoint uris when logging
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13100339#comment-13100339 ]
Claus Ibsen commented on CAMEL-4426:
------------------------------------
A piece of the pastebin from the user report
16:48:31,742 | WARN | v2/KD117787S7/in | eFilePollingConsumerPollStrategy | ? ? | 68 - org.apache.camel.camel-core - 2.6.0.fuse-02-05 | Consumer Consumer[ftp://**********/in?delay=10000&delete=true&doneFileName=%24%7Bfile%3Aname%7D.sem&exclusiveReadLockStrategy=%23concurrentStrategyService&maxMessagesPerPoll=1&moveFailed=.error&passiveMode=true&password=****&stepwise=false] could not poll endpoint: ftp://*********/in?delay=10000&delete=true&doneFileName=%24%7Bfile%3Aname%7D.sem&exclusiveReadLockStrategy=%23concurrentStrategyService&maxMessagesPerPoll=1&moveFailed=.error&passiveMode=true&password=*********&stepwise=false caused by: File operation failed: 227 Entering Passive Mode (195,145,31,140,152,248).
227 Entering Passive Mode (195,145,31,140,152,251).
Connection timed out. Code: 227
org.apache.camel.component.file.GenericFileOperationFailedException: File operation failed: 227 Entering Passive Mode (195,145,31,140,152,248).
227 Entering Passive Mode (195,145,31,140,152,251).
Connection timed out. Code: 227
at org.apache.camel.component.file.remote.FtpOperations.listFiles(FtpOperations.java:662)[208:org.apache.camel.camel-ftp:2.6.0.fuse-02-05]
> mask username and passwords in endpoint uris when logging
> ---------------------------------------------------------
>
> Key: CAMEL-4426
> URL: https://issues.apache.org/jira/browse/CAMEL-4426
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.6.0
> Reporter: Claus Ibsen
> Fix For: 2.9.0
>
>
> We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
> See nabble
> http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-4426) mask username and passwords in
endpoint uris when logging
Posted by "Hadrian Zbarcea (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13100349#comment-13100349 ]
Hadrian Zbarcea commented on CAMEL-4426:
----------------------------------------
I have a general solution for this. I will take care of it once I sort out the invalid URIs problem.
> mask username and passwords in endpoint uris when logging
> ---------------------------------------------------------
>
> Key: CAMEL-4426
> URL: https://issues.apache.org/jira/browse/CAMEL-4426
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Affects Versions: 2.6.0
> Reporter: Claus Ibsen
> Fix For: 2.9.0
>
>
> We have logic in place which can mask username/paswords etc. We just need to make sure that there is not a gap somewhere where the logic wasn't in use, as an end user reported an issue recently. So this is a ticket to not forget about this and look into it.
> See nabble
> http://camel.465427.n5.nabble.com/usernames-and-passwords-in-logs-tp4753576p4753576.html
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira