nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joseph Witt (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (NIFI-1558) Kafka processor clients write potentially sensitive info to the logs
Date Wed, 09 Mar 2016 22:12:40 GMT

     [ https://issues.apache.org/jira/browse/NIFI-1558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Joseph Witt resolved NIFI-1558.
-------------------------------
       Resolution: Won't Fix
    Fix Version/s:     (was: 0.6.0)

> Kafka processor clients write potentially sensitive info to the logs
> --------------------------------------------------------------------
>
>                 Key: NIFI-1558
>                 URL: https://issues.apache.org/jira/browse/NIFI-1558
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: 0.5.0
>            Reporter: Joseph Witt
>            Assignee: Oleg Zhurakousky
>
> I noticed the logs on startup have things like the following.  This needs to be suppressed
as it is of relatively low value but relatively high risk given that it appears it would write
out ssl key passphrases and such.
> {quote}
> 2016-02-23 21:13:56,626 INFO [pool-29-thread-7] o.a.k.clients.producer.ProducerConfig
ProducerConfig values:
> 	compression.type = none
> 	metric.reporters = []
> 	metadata.max.age.ms = 300000
> 	metadata.fetch.timeout.ms = 30000
> 	reconnect.backoff.ms = 50
> 	sasl.kerberos.ticket.renew.window.factor = 0.8
> 	bootstrap.servers = [172.31.8.34:9093]
> 	retry.backoff.ms = 100
> 	sasl.kerberos.kinit.cmd = /usr/bin/kinit
> 	buffer.memory = 1048576
> 	timeout.ms = 30000
> 	key.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
> 	sasl.kerberos.service.name = null
> 	sasl.kerberos.ticket.renew.jitter = 0.05
> 	ssl.keystore.type = JKS
> 	ssl.trustmanager.algorithm = PKIX
> 	block.on.buffer.full = false
> 	ssl.key.password = null
> 	max.block.ms = 60000
> 	sasl.kerberos.min.time.before.relogin = 60000
> 	connections.max.idle.ms = 540000
> 	ssl.truststore.password = null
> 	max.in.flight.requests.per.connection = 5
> 	metrics.num.samples = 2
> 	client.id = NiFi-2243c3f9-bd2b-4bfe-b515-09791ec25c4c
> 	ssl.endpoint.identification.algorithm = null
> 	ssl.protocol = TLS
> 	request.timeout.ms = 30000
> 	ssl.provider = null
> 	ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
> 	acks = 0
> 	batch.size = 200
> 	ssl.keystore.location = null
> 	receive.buffer.bytes = 32768
> 	ssl.cipher.suites = null
> 	ssl.truststore.type = JKS
> 	security.protocol = PLAINTEXT
> 	retries = 0
> 	max.request.size = 1048576
> 	value.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
> 	ssl.truststore.location = null
> 	ssl.keystore.password = null
> 	ssl.keymanager.algorithm = SunX509
> 	metrics.sample.window.ms = 30000
> 	partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner
> 	send.buffer.bytes = 131072
> 	linger.ms = 5000
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message