ignite-issues mailing list archives

From "Alexandr Kuramshin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-4167) Add an option to avoid printing out sensitive data into logs
Date Fri, 23 Dec 2016 09:36:58 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-4167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15772418#comment-15772418 ]

Alexandr Kuramshin commented on IGNITE-4167:

I reviewed the comment-related changes; all accepted but #3. It's a CacheObject, which has its
own toString() implementation that bears in mind the sensitive flag.

I fixed a few CacheObject implementations instead of the huge fields declarations.

> Add an option to avoid printing out sensitive data into logs
> ------------------------------------------------------------
>                 Key: IGNITE-4167
>                 URL: https://issues.apache.org/jira/browse/IGNITE-4167
>             Project: Ignite
>          Issue Type: Improvement
>            Reporter: Denis Kholodov
>            Assignee: Alexandr Kuramshin
> We are seeing sensitive cache data being output in ignite debug logging. I've tracked it down to at least two places:
> 1. GridToStringBuilder uses reflection to print all fields in cache objects that are not annotated with @GridToStringExclude
> 2. GridCacheMapEntry does a direct toString() call on the value objects in a debug log
> As a fabric platform, we won't always have control over the object classes being added to/retrieved from the cache.
> We must always assume that all keys and values are sensitive and should not be outputted in logs except in local debugging situations. To this end, we need a configuration option (turned OFF by default) that allows keys/values to be written to log messages.
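
A sketch of the behaviour the issue asks for, added here as an illustration and not taken from the Ignite code base: a reflective toString that hides every field value unless the field is explicitly opted in or a flag (OFF by default) is set. The annotations `Exclude` and `NonSensitive`, the property name `example.toString.includeSensitive` and the `Entry` class are all hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.StringJoiner;

public class SafeToString {
    /** Hypothetical stand-in for an exclude-from-toString annotation. */
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    @interface Exclude {}

    /** Hypothetical opt-in marker: the field's content is safe to log. */
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    @interface NonSensitive {}

    /** Hypothetical property name; when absent the flag is OFF and values stay out of logs. */
    static boolean includeSensitive() {
        return Boolean.getBoolean("example.toString.includeSensitive");
    }

    /** Reflective toString that prints a value only if it is opted in or the flag is ON. */
    static String toString(Object o, boolean includeSensitive) {
        StringJoiner sj = new StringJoiner(", ", o.getClass().getSimpleName() + " [", "]");
        for (Field f : o.getClass().getDeclaredFields()) {
            if (Modifier.isStatic(f.getModifiers()) || f.isSynthetic()
                || f.isAnnotationPresent(Exclude.class))
                continue;
            boolean show = includeSensitive || f.isAnnotationPresent(NonSensitive.class);
            try {
                f.setAccessible(true);
                sj.add(f.getName() + "=" + (show ? String.valueOf(f.get(o)) : "<hidden>"));
            } catch (ReflectiveOperationException | RuntimeException e) {
                sj.add(f.getName() + "=<unreadable>");
            }
        }
        return sj.toString();
    }

    /** Constructed sample: an entry whose key and value come from user classes. */
    static class Entry {
        Object key = "user:alice@example.com";   // constructed value
        Object val = "account=0000-constructed"; // constructed value
        @NonSensitive int ver = 7;
        @Exclude Object internalLock = new Object();
    }

    public static void main(String[] args) {
        Entry e = new Entry();
        System.out.println(toString(e, includeSensitive())); // flag OFF unless the property is set
        System.out.println(toString(e, true));               // local debugging only
    }
}
```

Field names are still printed when values are hidden, so a log line stays useful for debugging structure without exposing key or value content.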
