Yanbo Liang created ZEPPELIN-2733:
-------------------------------------
Summary: Remove System Information Leak in Authentication.java
Key: ZEPPELIN-2733
URL: https://issues.apache.org/jira/browse/ZEPPELIN-2733
Project: Zeppelin
Issue Type: Improvement
Components: security
Reporter: Yanbo Liang
Priority: Minor
An information leak occurs when system data or debugging information leaves the
program through an output stream or logging function.
In the file Authentication.java,
{code}
Line 137: LOG.debug("Encrypted user key is {}", userKey);
Line 148: LOG.debug("IV is {}, IV length is {}", initVector,
initVector.length());
{code}
These lines may print information which can reveal some important data to the
user, making it vulnerable to attacks. We should not log this sensitive information.
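One way to catch statements like the two quoted above before they ship, as an added example that is not part of the original issue or of Zeppelin's code: a small source scan that flags logger calls whose arguments name secret-like variables. The word list, the logger receiver names and the sample input are assumptions; Java comments and text blocks are not parsed.

```python
import re

# Assumed heuristics (not from the issue): words that mark a variable as secret-bearing.
SENSITIVE_WORDS = {"key", "iv", "secret", "password", "passwd", "token", "salt"}
LOG_CALL = re.compile(r"\b(?:LOG|LOGGER|log|logger)\.(trace|debug|info|warn|error)\s*\(")
STRING_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"')
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
WORD = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z0-9]+")  # splits camelCase and SNAKE_CASE

def is_sensitive(name):
    """True if an identifier contains a secret-like word (userKey, API_KEY, initVector)."""
    words = {w.lower() for w in WORD.findall(name)}
    return bool(words & SENSITIVE_WORDS) or "initvector" in name.lower()

def call_arguments(source, start):
    """Text between the '(' ending at `start` and its matching ')', across lines."""
    depth, i, in_string = 1, start, False
    while i < len(source) and depth:
        c = source[i]
        if in_string:
            i += c == "\\"                  # skip the character after a backslash
            in_string = c != '"'
        elif c == '"':
            in_string = True
        else:
            depth += (c == "(") - (c == ")")
        i += 1
    return source[start:i - 1]

def find_sensitive_log_calls(source):
    """Return (line, level, names) for log calls that pass secret-like variables."""
    findings = []
    for m in LOG_CALL.finditer(source):
        # Drop string literals so words inside the message text are not flagged.
        args = STRING_LITERAL.sub("", call_arguments(source, m.end()))
        names = list(dict.fromkeys(n for n in IDENTIFIER.findall(args) if is_sensitive(n)))
        if names:
            findings.append((source.count("\n", 0, m.start()) + 1, m.group(1), names))
    return findings

# Constructed sample: the two statements quoted in the issue plus two benign calls.
SAMPLE = '''LOG.debug("Encrypted user key is {}", userKey);
LOG.debug("IV is {}, IV length is {}", initVector,
    initVector.length());
LOG.info("Authentication succeeded for {}", userName);
LOG.debug("Cipher initialised, key and IV not logged");
'''
```

Calling find_sensitive_log_calls(SAMPLE) reports the calls on lines 1 and 2 of the sample and leaves the other two alone; line numbers are relative to the text passed in.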