[ https://issues.apache.org/jira/browse/CASSANDRA-9682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sam Tunnicliffe updated CASSANDRA-9682: --------------------------------------- Attachment: 9682.txt Trivial patch attached; we won't be making any further releases on the 1.2 line, but it applies there in case anybody wants/needs to patch their own, legacy version. > setting log4j.logger.org.apache.cassandra=DEBUG causes keyspace > username/password to show up in system.log > ---------------------------------------------------------------------------------------------------------- > > Key: CASSANDRA-9682 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9682 > Project: Cassandra > Issue Type: Improvement > Environment: running on linux > Reporter: Victor Chen > Fix For: 2.1.x, 2.2.x, 3.0.x > > Attachments: 9682.txt > > > if using a third party log aggregator (which many cloud users use), this > causes db credentials to be reproduced offsite, which has potential to be > security issue. I would prefer the ability to disable the logging of this > information while still setting log4j.logger.org.apache.cassandra=DEBUG > example system.log entry: > {noformat} > DEBUG [Native-Transport-Requests:373] 2015-06-21 07:52:44,595 Message.java > (line 326) Responding: AUTHENTICATE > org.apache.cassandra.auth.PasswordAuthenticator, v=1 > DEBUG [Native-Transport-Requests:384] 2015-06-21 07:52:44,597 Message.java > (line 319) Received: CREDENTIALS {username=redacted, password=redacted}, v=1 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)