You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Philip Zampino (Jira)" <ji...@apache.org> on 2021/03/25 15:36:00 UTC
[jira] [Created] (KNOX-2561) Unique token identifiers must be
truncated when logged now that they can be used as secrets
Philip Zampino created KNOX-2561:
------------------------------------
Summary: Unique token identifiers must be truncated when logged now that they can be used as secrets
Key: KNOX-2561
URL: https://issues.apache.org/jira/browse/KNOX-2561
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 1.6.0
Reporter: Philip Zampino
Assignee: Philip Zampino
With KNOX-2555 and KNOX-2556, the unique internal identifiers for Knox tokens are exposed and may be used as secrets. As such, they should no longer be fully logged. Rather, they should be truncated as the tokens themselves are currently.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)