You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Sam Tunnicliffe (JIRA)" <ji...@apache.org> on 2015/06/30 21:07:05 UTC
[jira] [Assigned] (CASSANDRA-9682) setting
log4j.logger.org.apache.cassandra=DEBUG causes keyspace username/password
to show up in system.log
[ https://issues.apache.org/jira/browse/CASSANDRA-9682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sam Tunnicliffe reassigned CASSANDRA-9682:
------------------------------------------
Assignee: Sam Tunnicliffe
> setting log4j.logger.org.apache.cassandra=DEBUG causes keyspace username/password to show up in system.log
> ----------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-9682
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9682
> Project: Cassandra
> Issue Type: Improvement
> Environment: running on linux
> Reporter: Victor Chen
> Assignee: Sam Tunnicliffe
> Fix For: 2.1.x, 2.2.x, 3.0.x
>
> Attachments: 9682.txt
>
>
> if using a third party log aggregator (which many cloud users use), this causes db credentials to be reproduced offsite, which has potential to be security issue. I would prefer the ability to disable the logging of this information while still setting log4j.logger.org.apache.cassandra=DEBUG
> example system.log entry:
> {noformat}
> DEBUG [Native-Transport-Requests:373] 2015-06-21 07:52:44,595 Message.java (line 326) Responding: AUTHENTICATE org.apache.cassandra.auth.PasswordAuthenticator, v=1
> DEBUG [Native-Transport-Requests:384] 2015-06-21 07:52:44,597 Message.java (line 319) Received: CREDENTIALS {username=redacted, password=redacted}, v=1
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)