[ https://issues.apache.org/jira/browse/KAFKA-2690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14998365#comment-14998365 ]

Ismael Juma commented on KAFKA-2690:
------------------------------------

PR link:
https://github.com/apache/kafka/pull/371

> Protect passwords from logging
> ------------------------------
>
>                 Key: KAFKA-2690
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2690
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Ismael Juma
>            Assignee: Jakub Nowak
>             Fix For: 0.9.0.0
>
>
> We currently store the key (ssl.key.password), keystore 
> (ssl.keystore.password) and truststore (ssl.truststore.password) passwords as 
> a String in `KafkaConfig`, `ConsumerConfig` and `ProducerConfig`.
> The problem with this approach is that we may accidentally log the password 
> when logging the config.
> A possible solution is to introduce a new `ConfigDef.Type` that overrides 
> `toString` so that the value is hidden.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
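
The approach proposed in the issue description, as an added example (not code from the Kafka project or from the linked PR): a dedicated value type whose `toString` hides the secret, applied when the config is parsed. The names `MaskedConfigDemo`, `Type.SECRET`, `Secret` and `parse` are hypothetical, and the sample values are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class MaskedConfigDemo {
    // Hypothetical config value types; SECRET plays the role of the proposed new type.
    enum Type { STRING, SECRET }

    // Hypothetical wrapper: holds the secret but never reveals it through toString().
    static final class Secret {
        private final String value;
        Secret(String value) { this.value = value; }
        String value() { return value; }   // explicit accessor for code that needs the secret
        @Override public String toString() { return "[hidden]"; }
    }

    // Definition: which keys carry secrets (the password keys are the ones the issue lists).
    static final Map<String, Type> DEFINITION = new LinkedHashMap<>();
    static {
        DEFINITION.put("ssl.keystore.location", Type.STRING);
        DEFINITION.put("ssl.key.password", Type.SECRET);
        DEFINITION.put("ssl.keystore.password", Type.SECRET);
        DEFINITION.put("ssl.truststore.password", Type.SECRET);
    }

    // Parse raw properties into typed values. SECRET keys are wrapped at parse time,
    // so every later string conversion of the config (logging, exceptions) is masked.
    static Map<String, Object> parse(Map<String, String> raw) {
        Map<String, Object> parsed = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : raw.entrySet()) {
            Type t = DEFINITION.getOrDefault(e.getKey(), Type.STRING);
            parsed.put(e.getKey(), t == Type.SECRET ? new Secret(e.getValue()) : e.getValue());
        }
        return parsed;
    }

    public static void main(String[] args) {
        Map<String, String> raw = new LinkedHashMap<>();   // constructed sample values
        raw.put("ssl.keystore.location", "/tmp/example.jks");
        raw.put("ssl.keystore.password", "constructed-sample-pw");
        // String-typed config: the password appears verbatim in the output.
        System.out.println("String-typed config: " + raw);
        // Secret-typed config: the same key is rendered as [hidden].
        Map<String, Object> parsed = parse(raw);
        System.out.println("Secret-typed config: " + parsed);
        // Code that really needs the secret asks for it explicitly.
        Secret ks = (Secret) parsed.get("ssl.keystore.password");
        System.out.println("secret length for real use: " + ks.value().length());
    }
}
```

Masking depends on the key being declared with the secret type: in this example an undeclared key falls back to a plain string and would still be logged in clear.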
