Posted to dev@brooklyn.apache.org by "Svetoslav Neykov (JIRA)" <ji...@apache.org> on 2014/06/27 18:46:25 UTC

[jira] [Created] (BROOKLYN-10) Dumping sensitive information in the debug log

Svetoslav Neykov created BROOKLYN-10:
----------------------------------------

             Summary: Dumping sensitive information in the debug log
                 Key: BROOKLYN-10
                 URL: https://issues.apache.org/jira/browse/BROOKLYN-10
             Project: Brooklyn
          Issue Type: Bug
            Reporter: Svetoslav Neykov


Brooklyn dumps sensitive information in the debug log, like passwords and private keys. I tracked it (at least) to the following locations:

  * brooklyn.entity.software.MachineLifecycleEffectorTasks.provisionAsync(MachineProvisioningLocation<?>) (current line is 239)

Entities.sanitize goes just one level deep, leaving deeper info untouched (in this case the config object)

  * brooklyn.location.basic.BasicLocationRegistry.updateDefinedLocations() (current line is 153)

definedLocations.values() is not sanitized at all, leaving all the info from the properties file visible



--
This message was sent by Atlassian JIRA
(v6.2#6252)
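
Added example, not part of the original message and not Brooklyn's code: a sketch of the failure mode the report describes, where masking only top-level keys leaves secrets inside a nested config map in the log line, next to a recursive variant that masks at every depth. The class, the method names, the mask string and the list of key markers are all assumptions made for this illustration.

```java
import java.util.*;

// Added illustration, not Brooklyn code: class, methods and marker list are hypothetical.
public class LogSanitizerDemo {
    static final String MASK = "xxxxxxxx";
    // Assumed substrings that mark a key as secret-bearing.
    static final List<String> MARKERS =
            Arrays.asList("password", "passwd", "credential", "secret", "private");

    static boolean isSecretKey(Object key) {
        String k = String.valueOf(key).toLowerCase(Locale.ROOT);
        for (String m : MARKERS) if (k.contains(m)) return true;
        return false;
    }

    // Models the reported behaviour: only top-level keys are inspected.
    static Map<Object, Object> shallowSanitize(Map<?, ?> in) {
        Map<Object, Object> out = new LinkedHashMap<>();
        for (Map.Entry<?, ?> e : in.entrySet())
            out.put(e.getKey(), isSecretKey(e.getKey()) ? MASK : e.getValue());
        return out;
    }

    // Walks nested maps and collections so secrets at any depth are masked.
    static Object deepSanitize(Object value) {
        if (value instanceof Map) {
            Map<Object, Object> out = new LinkedHashMap<>();
            for (Map.Entry<?, ?> e : ((Map<?, ?>) value).entrySet())
                out.put(e.getKey(), isSecretKey(e.getKey()) ? MASK : deepSanitize(e.getValue()));
            return out;
        }
        if (value instanceof Collection) {
            List<Object> out = new ArrayList<>();
            for (Object item : (Collection<?>) value) out.add(deepSanitize(item));
            return out;
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample: provisioning flags holding a nested config map.
        Map<String, Object> config = new LinkedHashMap<>();
        config.put("privateKeyData", "constructed-key-material");
        Map<String, Object> flags = new LinkedHashMap<>();
        flags.put("password", "constructed-password");
        flags.put("config", config);
        System.out.println("shallow: " + shallowSanitize(flags));
        System.out.println("deep:    " + deepSanitize(flags));
    }
}
```

In the shallow output the top-level password is masked but the nested privateKeyData value is still printed; the deep variant masks both. Key-name matching only catches secrets stored under recognisable keys, so values embedded in free-form strings need separate handling.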