You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/03/30 12:53:00 UTC
[jira] [Commented] (KNOX-2561) Unique token identifiers must be
truncated when logged now that they can be used as secrets
[ https://issues.apache.org/jira/browse/KNOX-2561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17311500#comment-17311500 ]
ASF subversion and git services commented on KNOX-2561:
-------------------------------------------------------
Commit ac80f0a712f38fc8f41b52816ce73db8507e7249 in knox's branch refs/heads/master from Philip Zampino
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=ac80f0a ]
KNOX-2561 - Unique token identifiers must be truncated when logged now that they can be used as secrets (#425)
> Unique token identifiers must be truncated when logged now that they can be used as secrets
> -------------------------------------------------------------------------------------------
>
> Key: KNOX-2561
> URL: https://issues.apache.org/jira/browse/KNOX-2561
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.6.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> With KNOX-2555 and KNOX-2556, the unique internal identifiers for Knox tokens are exposed and may be used as secrets. As such, they should no longer be fully logged. Rather, they should be truncated as the tokens themselves are currently.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)