You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/04/30 13:42:09 UTC

[GitHub] [airflow] uranusjr commented on pull request #15599: Mask passwords

uranusjr commented on pull request #15599:
URL: https://github.com/apache/airflow/pull/15599#issuecomment-830104043


   Would this be somehow masking *too much* and could provide an attack vector by changing another field containing the password string? For example, if I have username `user_foo` and password `foo`, the log would log username as `user_***`, and by comparing it to publicly displayed fields in (say) the web UI I can obtain the password string.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org