You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Rajini Sivaram (Jira)" <ji...@apache.org> on 2020/03/13 18:25:00 UTC

[jira] [Resolved] (KAFKA-9718) Don't log passwords for AlterConfigs requests in request logs

     [ https://issues.apache.org/jira/browse/KAFKA-9718?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajini Sivaram resolved KAFKA-9718.
-----------------------------------
      Reviewer: Manikumar
    Resolution: Fixed

> Don't log passwords for AlterConfigs requests in request logs
> -------------------------------------------------------------
>
>                 Key: KAFKA-9718
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9718
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.6.0
>
>
> We currently avoid logging passwords in log files by logging only parsed values were passwords are logged as `[hidden]`. But for AlterConfigs requests in request logs, we log all entries since they just appear as string entries. Since we allow altering password configs like SSL key passwords and JAAS config, we shouldn't include these in log files.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)