[ https://issues.apache.org/jira/browse/CASSANDRA-16817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andres de la Peña updated CASSANDRA-16817: ------------------------------------------ Bug Category: Parent values: Security(12985)Level 1 values: Information Leakage(12999) Complexity: Low Hanging Fruit Discovered By: User Report Fix Version/s: 4.x 4.0.x 3.11.x 3.0.x Severity: Low Status: Open (was: Triage Needed) > Fix ERROR message which prints data information in the logs > ----------------------------------------------------------- > > Key: CASSANDRA-16817 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16817 > Project: Cassandra > Issue Type: Bug > Components: Feature/Materialized Views > Reporter: Andres de la Peña > Assignee: Andres de la Peña > Priority: Normal > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > > {{StorageProxy.mutateMV}} might log [an error > message|https://github.com/apache/cassandra/blob/cassandra-3.0/src/java/org/apache/cassandra/service/StorageProxy.java#L880] > that prints user data in the logs beyond the row key, for example: > {code} > ERROR [MutationStage-2] 2021-07-28 13:08:52,609 StorageProxy.java:1002 - > Error applying local view update to keyspace k: Mutation(keyspace='k', > key='00000001', modifications=[ > [k.mv] key=1 partition_deletion=deletedAt=-9223372036854775808, > localDeletion=2147483647 columns=[[] | []] > Row[info=[ts=1627474132606719] ]: k=0, v=MY CONFIDENTIAL DATA | > ]) > {code} > We should probably change that log message so it doesn't print the entire > mutation but only the keyspace, tables and partition key of the mutation. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org