You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Philip Zampino (Jira)" <ji...@apache.org> on 2021/03/25 15:36:00 UTC

[jira] [Created] (KNOX-2561) Unique token identifiers must be truncated when logged now that they can be used as secrets

Philip Zampino created KNOX-2561:
------------------------------------

             Summary: Unique token identifiers must be truncated when logged now that they can be used as secrets
                 Key: KNOX-2561
                 URL: https://issues.apache.org/jira/browse/KNOX-2561
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
    Affects Versions: 1.6.0
            Reporter: Philip Zampino
            Assignee: Philip Zampino


With KNOX-2555 and KNOX-2556, the unique internal identifiers for Knox tokens are exposed and may be used as secrets. As such, they should no longer be fully logged. Rather, they should be truncated as the tokens themselves are currently.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)