[ https://issues.apache.org/jira/browse/RANGER-3822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17565903#comment-17565903 ]
Madhan Neethiraj commented on RANGER-3822: ------------------------------------------ [~amazingBoy_hbh] - thank you for the patch. It is committed in master branch: {noformat} commit 057bba4f570998d1ead6d4c23f7b24a41e7f1e51 (HEAD -> master, origin/master, origin/HEAD) Author: Hoo199212 <18637171...@163.com> Date: Tue Jul 12 14:30:17 2022 +0800 RANGER-3822: redact password in RangerService.toString() Signed-off-by: Madhan Neethiraj <mad...@apache.org> {noformat} > RangerService outputs password information in plaintext > ------------------------------------------------------- > > Key: RANGER-3822 > URL: https://issues.apache.org/jira/browse/RANGER-3822 > Project: Ranger > Issue Type: Improvement > Components: admin > Affects Versions: 1.2.0, 2.2.0 > Reporter: Binhua Hu > Assignee: Binhua Hu > Priority: Major > Time Spent: 0.5h > Remaining Estimate: 0h > > RangerService outputs information in plaintext, causing the component > password to be leaked.For example, when the Ranger service with the same name > is created repeatedly, the password information of relevant components will > be printed in the log. > {code:java} > 2022-07-11 10:08:59,505 [http-bio-6080-exec-4] ERROR > org.apache.ranger.rest.ServiceRest(SericeREST.java:672) - > createService(RangerService={id={null} guid={null} isEnabled={true} > createdBy={null} updateBy={null} createTime={Thu Jan 01 08:00:00 GMT+8:00 > 1970} updateTime={Thu Jan 01 08:00:00 GMT+8:00 1970} version={1} > name={service-kafka} type={kafka} description={null} tagService={null} > configs={password={123456} username={admin}} policyVersion={0} > policyUpdateTime={Thu Jan 01 08:00:00 GMT+8:00 1970} tagVersion={1} > tagUpdateTime={Thu Jan 01 08:00:00 GMT+8:00 1970}}) failed{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)