cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-9682) setting log4j.logger.org.apache.cassandra=DEBUG causes keyspace username/password to show up in system.log
Date Tue, 30 Jun 2015 19:07:05 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-9682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sam Tunnicliffe updated CASSANDRA-9682:
---------------------------------------
    Reproduced In: 2.1.7, 2.2.0 rc1, 2.0.14, 1.2.19  (was: 1.2.19, 2.0.14)

> setting log4j.logger.org.apache.cassandra=DEBUG causes keyspace username/password to
show up in system.log
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-9682
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9682
>             Project: Cassandra
>          Issue Type: Improvement
>         Environment: running on linux
>            Reporter: Victor Chen
>             Fix For: 2.1.x, 2.2.x, 3.0.x
>
>         Attachments: 9682.txt
>
>
> if using a third party log aggregator (which many cloud users use), this causes db credentials
to be reproduced offsite, which has potential to be security issue. I would prefer the ability
to disable the logging of this information while still setting log4j.logger.org.apache.cassandra=DEBUG
> example system.log entry:
> {noformat}
> DEBUG [Native-Transport-Requests:373] 2015-06-21 07:52:44,595 Message.java (line 326)
Responding: AUTHENTICATE org.apache.cassandra.auth.PasswordAuthenticator, v=1
> DEBUG [Native-Transport-Requests:384] 2015-06-21 07:52:44,597 Message.java (line 319)
Received: CREDENTIALS {username=redacted, password=redacted}, v=1
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message