[jira] [Resolved] (KAFKA-4364) Sink tasks expose secrets in DEBUG logging

Ewen Cheslack-Postava (JIRA) Wed, 09 Nov 2016 15:00:12 -0800

     [ 
https://issues.apache.org/jira/browse/KAFKA-4364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ewen Cheslack-Postava resolved KAFKA-4364.
------------------------------------------
       Resolution: Fixed
    Fix Version/s: 0.10.2.0

Issue resolved by pull request 2115
[https://github.com/apache/kafka/pull/2115]

> Sink tasks expose secrets in DEBUG logging
> ------------------------------------------
>
>                 Key: KAFKA-4364
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4364
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>            Reporter: Ryan P
>            Assignee: Ryan P
>             Fix For: 0.10.2.0
>
>
> As it stands today worker tasks print secrets such as Key/Trust store 
> passwords to their respective logs. 
> https://github.com/confluentinc/kafka/blob/trunk/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerSinkTask.java#L213-L214
> i.e.
> [2016-11-01 12:50:59,254] DEBUG Initializing connector test-sink with config 
> {consumer.ssl.truststore.password=password, 
> connector.class=io.confluent.connect.jdbc.JdbcSinkConnector, 
> connection.password=password, producer.security.protocol=SSL, 
> producer.ssl.truststore.password=password, topics=orders, tasks.max=1, 
> consumer.ssl.truststore.location=/tmp/truststore/kafka.trustore.jks, 
> producer.ssl.truststore.location=/tmp/truststore/kafka.trustore.jks, 
> connection.user=connect, name=test-sink, auto.create=true, 
> consumer.security.protocol=SSL, 
> connection.url=jdbc:postgresql://localhost/test} 
> (org.apache.kafka.connect.runtime.WorkerConnector:71)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (KAFKA-4364) Sink tasks expose secrets in DEBUG logging

Reply via email to