[
https://issues.apache.org/jira/browse/CASSANDRA-9682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sam Tunnicliffe updated CASSANDRA-9682:
---------------------------------------
Attachment: 9682.txt
Trivial patch attached; we won't be making any further releases on the 1.2
line, but it applies there in case anybody wants/needs to patch their own,
legacy version.
> setting log4j.logger.org.apache.cassandra=DEBUG causes keyspace
> username/password to show up in system.log
> ----------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-9682
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9682
> Project: Cassandra
> Issue Type: Improvement
> Environment: running on linux
> Reporter: Victor Chen
> Fix For: 2.1.x, 2.2.x, 3.0.x
>
> Attachments: 9682.txt
>
>
> if using a third party log aggregator (which many cloud users use), this
> causes db credentials to be reproduced offsite, which has potential to be
> security issue. I would prefer the ability to disable the logging of this
> information while still setting log4j.logger.org.apache.cassandra=DEBUG
> example system.log entry:
> {noformat}
> DEBUG [Native-Transport-Requests:373] 2015-06-21 07:52:44,595 Message.java
> (line 326) Responding: AUTHENTICATE
> org.apache.cassandra.auth.PasswordAuthenticator, v=1
> DEBUG [Native-Transport-Requests:384] 2015-06-21 07:52:44,597 Message.java
> (line 319) Received: CREDENTIALS {username=redacted, password=redacted}, v=1
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
