Posted to dev@brooklyn.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/04/27 22:00:06 UTC
[jira] [Commented] (BROOKLYN-269) Sensitive external values exposed
in debug logs when using external config supplier
[ https://issues.apache.org/jira/browse/BROOKLYN-269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15987781#comment-15987781 ]
ASF GitHub Bot commented on BROOKLYN-269:
-----------------------------------------
GitHub user aledsage opened a pull request:
https://github.com/apache/brooklyn-server/pull/659
BROOKLYN-269: don’t log sensitive resolved DSL values
See https://issues.apache.org/jira/browse/BROOKLYN-269
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/aledsage/brooklyn-server BROOKLYN-269
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/brooklyn-server/pull/659.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #659
----
commit 12065846ecfa79e202825f2af857fce30bdd38d2
Author: Aled Sage <al...@gmail.com>
Date: 2017-04-27T21:49:42Z
BROOKLYN-269: don’t log sensitive resolved DSL values
----
> Sensitive external values exposed in debug logs when using external config supplier
> -----------------------------------------------------------------------------------
>
> Key: BROOKLYN-269
> URL: https://issues.apache.org/jira/browse/BROOKLYN-269
> Project: Brooklyn
> Issue Type: Bug
> Affects Versions: 0.10.0
> Reporter: John McCabe
>
> Passwords etc. are exposed in debug logs when using an external config supplier, in this case {{org.apache.brooklyn.core.config.external.InPlaceExternalConfigSupplier}}
> {code}
> password: $brooklyn:external("my-credentials", "supersecretpassword")
> {code}
> {code}
> 2016-05-18 07:51:27,979 DEBUG o.a.b.c.b.s.d.BrooklynDslDeferredSupplier [brooklyn-execmanager-ajTGRUqW-212]: Resolved supersecretpassword from $brooklyn:external("my-credentials", "password")
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
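For logs already written by an affected version, the following is an added example (not part of the pull request or of Brooklyn) that finds and redacts lines of the form quoted in the issue and lists which external keys need rotating. It assumes leaked lines always follow that quoted "Resolved <value> from $brooklyn:external(...)" format; the function names and sample log lines are constructed for illustration.

```python
import re

# Line format taken from the DEBUG entry quoted in BROOKLYN-269:
#   ... Resolved <value> from $brooklyn:external("<provider>", "<key>")
# The value is matched greedily and the suffix is anchored at end of line,
# so a secret that itself contains " from " is still captured in full.
LEAK_RE = re.compile(
    r'^(?P<prefix>.*?\bResolved )(?P<value>.*)'
    r'(?P<suffix> from \$brooklyn:external\('
    r'"(?P<provider>[^"]*)",\s*"(?P<key>[^"]*)"\)\s*)$'
)
PLACEHOLDER = "<redacted>"


def scrub(lines):
    """Return (clean_lines, findings). Findings never hold the secret itself."""
    clean, findings = [], []
    for lineno, line in enumerate(lines, start=1):
        m = LEAK_RE.match(line)
        if m is None:
            clean.append(line)
            continue
        clean.append(m["prefix"] + PLACEHOLDER + m["suffix"])
        findings.append(
            {"line": lineno, "provider": m["provider"], "key": m["key"]}
        )
    return clean, findings


def keys_to_rotate(findings):
    """Distinct (provider, key) pairs whose values reached the log."""
    return sorted({(f["provider"], f["key"]) for f in findings})


# Constructed sample input, modelled on the log line in the issue.
LOGGER = "o.a.b.c.b.s.d.BrooklynDslDeferredSupplier [brooklyn-execmanager-x-1]"
SAMPLE_LOG = [
    "2017-04-27 10:00:01,100 INFO o.a.b.example.Startup [main]: Deploying",
    f'2017-04-27 10:00:02,200 DEBUG {LOGGER}: Resolved s3cr3t-A from '
    '$brooklyn:external("my-credentials", "password")',
    f'2017-04-27 10:00:02,300 DEBUG {LOGGER}: Resolved pass from home from '
    '$brooklyn:external("vault", "db.password")',
    f'2017-04-27 10:00:02,400 DEBUG {LOGGER}: Resolved 8080 from '
    '$brooklyn:attributeWhenReady("http.port")',
]

if __name__ == "__main__":
    clean, findings = scrub(SAMPLE_LOG)
    print("\n".join(clean))
    print("rotate:", keys_to_rotate(findings))
```

Redacting the file does not undo the exposure: any value reported by `keys_to_rotate` was readable by anyone with access to the debug log and should be changed at its source.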