nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Zhurakousky (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-1558) Kafka processor clients write potentially sensitive info to the logs
Date Mon, 07 Mar 2016 22:22:40 GMT

    [ https://issues.apache.org/jira/browse/NIFI-1558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15183849#comment-15183849
] 

Oleg Zhurakousky commented on NIFI-1558:
----------------------------------------

[~joewitt] please comment on this one as I believe there is nothing to be done, other then
resolve with "No Fix".

> Kafka processor clients write potentially sensitive info to the logs
> --------------------------------------------------------------------
>
>                 Key: NIFI-1558
>                 URL: https://issues.apache.org/jira/browse/NIFI-1558
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: 0.5.0
>            Reporter: Joseph Witt
>            Assignee: Oleg Zhurakousky
>             Fix For: 0.6.0
>
>
> I noticed the logs on startup have things like the following.  This needs to be suppressed
as it is of relatively low value but relatively high risk given that it appears it would write
out ssl key passphrases and such.
> {quote}
> 2016-02-23 21:13:56,626 INFO [pool-29-thread-7] o.a.k.clients.producer.ProducerConfig
ProducerConfig values:
> 	compression.type = none
> 	metric.reporters = []
> 	metadata.max.age.ms = 300000
> 	metadata.fetch.timeout.ms = 30000
> 	reconnect.backoff.ms = 50
> 	sasl.kerberos.ticket.renew.window.factor = 0.8
> 	bootstrap.servers = [172.31.8.34:9093]
> 	retry.backoff.ms = 100
> 	sasl.kerberos.kinit.cmd = /usr/bin/kinit
> 	buffer.memory = 1048576
> 	timeout.ms = 30000
> 	key.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
> 	sasl.kerberos.service.name = null
> 	sasl.kerberos.ticket.renew.jitter = 0.05
> 	ssl.keystore.type = JKS
> 	ssl.trustmanager.algorithm = PKIX
> 	block.on.buffer.full = false
> 	ssl.key.password = null
> 	max.block.ms = 60000
> 	sasl.kerberos.min.time.before.relogin = 60000
> 	connections.max.idle.ms = 540000
> 	ssl.truststore.password = null
> 	max.in.flight.requests.per.connection = 5
> 	metrics.num.samples = 2
> 	client.id = NiFi-2243c3f9-bd2b-4bfe-b515-09791ec25c4c
> 	ssl.endpoint.identification.algorithm = null
> 	ssl.protocol = TLS
> 	request.timeout.ms = 30000
> 	ssl.provider = null
> 	ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
> 	acks = 0
> 	batch.size = 200
> 	ssl.keystore.location = null
> 	receive.buffer.bytes = 32768
> 	ssl.cipher.suites = null
> 	ssl.truststore.type = JKS
> 	security.protocol = PLAINTEXT
> 	retries = 0
> 	max.request.size = 1048576
> 	value.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
> 	ssl.truststore.location = null
> 	ssl.keystore.password = null
> 	ssl.keymanager.algorithm = SunX509
> 	metrics.sample.window.ms = 30000
> 	partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner
> 	send.buffer.bytes = 131072
> 	linger.ms = 5000
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message