You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by "Oleg Zhurakousky (JIRA)" <ji...@apache.org> on 2016/02/29 22:23:18 UTC

[jira] [Assigned] (NIFI-1558) Kafka processor clients write potentially sensitive info to the logs

     [ https://issues.apache.org/jira/browse/NIFI-1558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Zhurakousky reassigned NIFI-1558:
--------------------------------------

    Assignee: Oleg Zhurakousky

> Kafka processor clients write potentially sensitive info to the logs
> --------------------------------------------------------------------
>
>                 Key: NIFI-1558
>                 URL: https://issues.apache.org/jira/browse/NIFI-1558
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: 0.5.0
>            Reporter: Joseph Witt
>            Assignee: Oleg Zhurakousky
>             Fix For: 0.6.0
>
>
> I noticed the logs on startup have things like the following.  This needs to be suppressed as it is of relatively low value but relatively high risk given that it appears it would write out ssl key passphrases and such.
> {quote}
> 2016-02-23 21:13:56,626 INFO [pool-29-thread-7] o.a.k.clients.producer.ProducerConfig ProducerConfig values:
> 	compression.type = none
> 	metric.reporters = []
> 	metadata.max.age.ms = 300000
> 	metadata.fetch.timeout.ms = 30000
> 	reconnect.backoff.ms = 50
> 	sasl.kerberos.ticket.renew.window.factor = 0.8
> 	bootstrap.servers = [172.31.8.34:9093]
> 	retry.backoff.ms = 100
> 	sasl.kerberos.kinit.cmd = /usr/bin/kinit
> 	buffer.memory = 1048576
> 	timeout.ms = 30000
> 	key.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
> 	sasl.kerberos.service.name = null
> 	sasl.kerberos.ticket.renew.jitter = 0.05
> 	ssl.keystore.type = JKS
> 	ssl.trustmanager.algorithm = PKIX
> 	block.on.buffer.full = false
> 	ssl.key.password = null
> 	max.block.ms = 60000
> 	sasl.kerberos.min.time.before.relogin = 60000
> 	connections.max.idle.ms = 540000
> 	ssl.truststore.password = null
> 	max.in.flight.requests.per.connection = 5
> 	metrics.num.samples = 2
> 	client.id = NiFi-2243c3f9-bd2b-4bfe-b515-09791ec25c4c
> 	ssl.endpoint.identification.algorithm = null
> 	ssl.protocol = TLS
> 	request.timeout.ms = 30000
> 	ssl.provider = null
> 	ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
> 	acks = 0
> 	batch.size = 200
> 	ssl.keystore.location = null
> 	receive.buffer.bytes = 32768
> 	ssl.cipher.suites = null
> 	ssl.truststore.type = JKS
> 	security.protocol = PLAINTEXT
> 	retries = 0
> 	max.request.size = 1048576
> 	value.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
> 	ssl.truststore.location = null
> 	ssl.keystore.password = null
> 	ssl.keymanager.algorithm = SunX509
> 	metrics.sample.window.ms = 30000
> 	partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner
> 	send.buffer.bytes = 131072
> 	linger.ms = 5000
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)