brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-10) Dumping sensitive information in the debug log
Date Wed, 11 Mar 2015 12:29:39 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-10?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14356813#comment-14356813
] 

ASF GitHub Bot commented on BROOKLYN-10:
----------------------------------------

Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-brooklyn/pull/546


> Dumping sensitive information in the debug log
> ----------------------------------------------
>
>                 Key: BROOKLYN-10
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-10
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Svetoslav Neykov
>
> Brooklyn dumps sensitive information in the debug log like passwords and private keys.
I tracked it (at least) to the following locations
>   * brooklyn.entity.software.MachineLifecycleEffectorTasks. provisionAsync(MachineProvisioningLocation<?>)
(current line is 239)
> Entities.sanitize goes just one level deep, leaving deeper info untouched (in this case
the config object)
>   * brooklyn.location.basic.BasicLocationRegistry.updateDefinedLocations() (current line
is 153)
> definedLocations.values() is not sanitized at all, leaving all the info from the properties
file visible



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message