[ https://issues.apache.org/jira/browse/KAFKA-9601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Randall Hauch resolved KAFKA-9601.
----------------------------------
      Reviewer: Randall Hauch
    Resolution: Fixed

Thanks for the fix, [~ChrisEgerton]! Merged to trunk and cherry-picked to the 2.5, 2.4, 2.3, 2.2, 2.1, 2.0, 1.1, and 1.0 branches; I didn't go back farther since it's unlikely we will issue additional patches for earlier branches.

> Workers log raw connector configs, including values
> ---------------------------------------------------
>
>                 Key: KAFKA-9601
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9601
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>            Reporter: Chris Egerton
>            Assignee: Chris Egerton
>            Priority: Critical
>             Fix For: 1.0.3, 1.1.2, 2.0.2, 2.1.2, 2.2.3, 2.5.0, 2.3.2, 2.4.1
>
>
> [This line right here|https://github.com/apache/kafka/blob/5359b2e3bc1cf13a301f32490a6630802afc4974/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerConnector.java#L78] logs all configs (key and value) for a connector, which is bad, since it can lead to secrets (db credentials, cloud storage credentials, etc.) being logged in plaintext.
> We can remove this line. Or change it to just log config keys. Or try to do some super-fancy parsing that masks sensitive values. Well, hopefully not that. That sounds like a lot of work.
> Affects all versions of Connect back through 0.10.1.
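
The two alternatives to deleting the log line that the issue description mentions (log only the config keys, or mask values), sketched in plain Java as an added example; this is not Kafka Connect code and not the merged fix. The class name, method names, and sample config are hypothetical, and masking here works by allowlist, so a key nobody anticipated never has its value printed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;

/** Added illustration; not Kafka Connect code. All names here are hypothetical. */
public class LogSafeConnectorConfig {

    static final String MASK = "[hidden]";

    /** "Just log config keys": return the keys, sorted so log output is stable. */
    static Set<String> keysOnly(Map<String, String> rawConfig) {
        return new TreeSet<>(rawConfig.keySet());
    }

    /**
     * "Mask sensitive values", done fail-closed: a value is shown only when its
     * key is on an explicit allowlist; every other value is replaced by MASK.
     * A denylist of names such as "password" would miss secrets stored under
     * connector-specific keys or embedded in other values, such as a URL.
     */
    static Map<String, String> masked(Map<String, String> rawConfig, Set<String> safeKeys) {
        Map<String, String> out = new TreeMap<>();
        for (Map.Entry<String, String> e : rawConfig.entrySet()) {
            out.put(e.getKey(), safeKeys.contains(e.getKey()) ? e.getValue() : MASK);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample connector config; every value is made up.
        Map<String, String> raw = new LinkedHashMap<>();
        raw.put("name", "orders-sink");
        raw.put("connector.class", "com.example.ExampleSinkConnector");
        raw.put("tasks.max", "2");
        // A credential embedded in a URL: a key-name denylist would not catch it.
        raw.put("connection.url", "jdbc:postgresql://db.example.internal/orders?password=example-pw-1");
        raw.put("connection.password", "example-pw-2");

        // Assumption: the operator decides which keys are safe to show in logs.
        Set<String> safeKeys = Set.of("name", "connector.class", "tasks.max");

        System.out.println("keys:   " + keysOnly(raw));
        System.out.println("masked: " + masked(raw, safeKeys));
    }
}
```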