Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2020/12/16 09:26:50 UTC

[GitHub] [skywalking] kezhenxu94 opened a new issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

kezhenxu94 opened a new issue #6018:
URL: https://github.com/apache/skywalking/issues/6018


   Now some of the http client plugins record the `username:password` into the tag `url`; this should be removed explicitly.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [skywalking] Superskyyy commented on issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

Posted by GitBox <gi...@apache.org>.
Superskyyy commented on issue #6018:
URL: https://github.com/apache/skywalking/issues/6018#issuecomment-853582156


   Hello, I would like to take over this issue if @taskmgr is not available.





[GitHub] [skywalking] kezhenxu94 commented on issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on issue #6018:
URL: https://github.com/apache/skywalking/issues/6018#issuecomment-853585699


   > Hello, I would like to take over this issue if @taskmgr is not available.
   
   I think he hasn't started to work on this, @Superskyyy please go ahead.





[GitHub] [skywalking] taskmgr commented on issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

Posted by GitBox <gi...@apache.org>.
taskmgr commented on issue #6018:
URL: https://github.com/apache/skywalking/issues/6018#issuecomment-747409976


   I'd like to do this.





[GitHub] [skywalking] kezhenxu94 closed issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

Posted by GitBox <gi...@apache.org>.
kezhenxu94 closed issue #6018:
URL: https://github.com/apache/skywalking/issues/6018


   





[GitHub] [skywalking] Superskyyy commented on issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

Posted by GitBox <gi...@apache.org>.
Superskyyy commented on issue #6018:
URL: https://github.com/apache/skywalking/issues/6018#issuecomment-896141522


   > Now some of the http client plugins record the `username:password` into the tag `peer` and `url`, this should be removed explicitly.
   > 
   > Example request url might be http://username:password@example.com
   
   Should I remove the auth part entirely from url/peer or replace any `userabc:pwcde` with literal `username:password`? I feel like replacing may be a good choice too (I hope no one uses `password` as their actual password).  @kezhenxu94  @wu-sheng 





[GitHub] [skywalking] kezhenxu94 commented on issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on issue #6018:
URL: https://github.com/apache/skywalking/issues/6018#issuecomment-896416735


   > > Now some of the http client plugins record the `username:password` into the tag `peer` and `url`, this should be removed explicitly.
   > > Example request url might be http://username:password@example.com
   > 
   > Should I remove the auth part entirely from url/peer or replace any `userabc:pwcde` with literal `username:password`? I feel like replacing may be a good choice too (I hope no one uses `password` as their actual password). @kezhenxu94 @wu-sheng
   
   @Superskyyy I don't see any point in replacing them with placeholders; if we don't want to record them, why bother bringing extra bytes to storage and network load?





[GitHub] [skywalking] Superskyyy commented on issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

Posted by GitBox <gi...@apache.org>.
Superskyyy commented on issue #6018:
URL: https://github.com/apache/skywalking/issues/6018#issuecomment-896492301


   > @Superskyyy I don't see any point in replacing them with placeholders; if we don't want to record them, why bother bringing extra bytes to storage and network load?
   
   I see. 
   
   I realize the passwords also appear in logs upon failure, I will also remove them there.
   


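An added example, not part of the thread or the SkyWalking code base: one way to drop the auth part entirely, as settled above, from the `url` and `peer` tags and from log messages. The function names are hypothetical, and the `peer` value is assumed to be the URL's `host[:port]`.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# "scheme://userinfo@" inside free text such as an exception message.
# Greedy up to the last '@' before the authority ends ('/', '?', '#', space),
# so an unencoded '@' in the password is removed too, while an '@' in the
# path or query of a credential-free URL is left alone.
_USERINFO_IN_TEXT = re.compile(r'\b([a-zA-Z][a-zA-Z0-9+.-]*://)[^/?#\s]*@')


def _hostport(netloc):
    """Authority without userinfo; urllib also splits on the last '@'."""
    return netloc.rpartition('@')[2]


def strip_userinfo(url):
    """Return url with any user:password@ removed (value for the `url` tag)."""
    parts = urlsplit(url)
    if '@' not in parts.netloc:
        return url
    return urlunsplit(parts._replace(netloc=_hostport(parts.netloc)))


def peer_of(url):
    """host[:port] for the `peer` tag (assumed format), never with credentials."""
    return _hostport(urlsplit(url).netloc)


def scrub_message(text):
    """Drop userinfo from every URL embedded in a log or error message."""
    return _USERINFO_IN_TEXT.sub(r'\1', text)


if __name__ == '__main__':
    # Constructed sample inputs; the first is the URL quoted in the thread.
    for u in ('http://username:password@example.com',
              'https://userabc:pwcde@example.com:8443/a?b=c#d',
              'http://u:p%40x@[::1]:8080/',
              'http://example.com/?mail=a@b.com'):
        print(strip_userinfo(u), '| peer =', peer_of(u))
    print(scrub_message('GET http://userabc:pwcde@example.com/api failed'))
```
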



[GitHub] [skywalking] wu-sheng commented on issue #6018: [Python] Revise plugins involved with http client, avoid recording password in url

Posted by GitBox <gi...@apache.org>.
wu-sheng commented on issue #6018:
URL: https://github.com/apache/skywalking/issues/6018#issuecomment-751221059


   Ha, I think this kind of issue exists widely in all agents. I don't know of any agent or plugin that avoids this.




