You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@nifi.apache.org by "Joseph Witt (JIRA)" <ji...@apache.org> on 2016/02/23 22:17:18 UTC

[jira] [Created] (NIFI-1558) Kafka processor clients write potentially sensitive info to the logs

Joseph Witt created NIFI-1558:
---------------------------------

             Summary: Kafka processor clients write potentially sensitive info to the logs
                 Key: NIFI-1558
                 URL: https://issues.apache.org/jira/browse/NIFI-1558
             Project: Apache NiFi
          Issue Type: Bug
          Components: Extensions
    Affects Versions: 0.5.0
            Reporter: Joseph Witt
             Fix For: 0.6.0


I noticed the logs on startup have things like the following.  This needs to be suppressed as it is of relatively low value but relatively high risk given that it appears it would write out ssl key passphrases and such.

{quote}
2016-02-23 21:13:56,626 INFO [pool-29-thread-7] o.a.k.clients.producer.ProducerConfig ProducerConfig values:
	compression.type = none
	metric.reporters = []
	metadata.max.age.ms = 300000
	metadata.fetch.timeout.ms = 30000
	reconnect.backoff.ms = 50
	sasl.kerberos.ticket.renew.window.factor = 0.8
	bootstrap.servers = [172.31.8.34:9093]
	retry.backoff.ms = 100
	sasl.kerberos.kinit.cmd = /usr/bin/kinit
	buffer.memory = 1048576
	timeout.ms = 30000
	key.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
	sasl.kerberos.service.name = null
	sasl.kerberos.ticket.renew.jitter = 0.05
	ssl.keystore.type = JKS
	ssl.trustmanager.algorithm = PKIX
	block.on.buffer.full = false
	ssl.key.password = null
	max.block.ms = 60000
	sasl.kerberos.min.time.before.relogin = 60000
	connections.max.idle.ms = 540000
	ssl.truststore.password = null
	max.in.flight.requests.per.connection = 5
	metrics.num.samples = 2
	client.id = NiFi-2243c3f9-bd2b-4bfe-b515-09791ec25c4c
	ssl.endpoint.identification.algorithm = null
	ssl.protocol = TLS
	request.timeout.ms = 30000
	ssl.provider = null
	ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
	acks = 0
	batch.size = 200
	ssl.keystore.location = null
	receive.buffer.bytes = 32768
	ssl.cipher.suites = null
	ssl.truststore.type = JKS
	security.protocol = PLAINTEXT
	retries = 0
	max.request.size = 1048576
	value.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
	ssl.truststore.location = null
	ssl.keystore.password = null
	ssl.keymanager.algorithm = SunX509
	metrics.sample.window.ms = 30000
	partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner
	send.buffer.bytes = 131072
	linger.ms = 5000

{quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)