[jira] [Updated] (KAFKA-2690) Protect passwords from logging

Jakub Nowak (JIRA) Tue, 27 Oct 2015 12:23:42 -0700

     [ 
https://issues.apache.org/jira/browse/KAFKA-2690?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jakub Nowak updated KAFKA-2690:
-------------------------------
    Status: Patch Available  (was: Open)

> Protect passwords from logging
> ------------------------------
>
>                 Key: KAFKA-2690
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2690
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Ismael Juma
>            Assignee: Jakub Nowak
>             Fix For: 0.9.0.0
>
>
> We currently store the key (ssl.key.password), keystore 
> (ssl.keystore.password) and truststore (ssl.truststore.password) passwords as 
> a String in `KafkaConfig`, `ConsumerConfig` and `ProducerConfig`.
> The problem with this approach is that we may accidentally log the password 
> when logging the config.
> A possible solution is to introduce a new `ConfigDef.Type` that overrides 
> `toString` so that the value is hidden.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KAFKA-2690) Protect passwords from logging

Reply via email to