[
https://issues.apache.org/jira/browse/NIFI-3713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann reassigned NIFI-3713:
--------------------------------------
Assignee: David Handermann (was: Andy LoPresto)
> Examine logs to ensure that data is not leaked to logs when the corresponding
> repository is encrypted
> -----------------------------------------------------------------------------------------------------
>
> Key: NIFI-3713
> URL: https://issues.apache.org/jira/browse/NIFI-3713
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core Framework
> Reporter: Andy LoPresto
> Assignee: David Handermann
> Priority: Major
> Labels: data-leak, logging, security
>
> I have noticed some of the logging statements (see {{LuceneEventIndex}},
> etc.) print the flowfile attributes or provenance event record contents. I
> corrected some of these but the data can be useful for tracing and
> diagnostics if it is not sensitive. It is difficult to determine if the
> repository is encrypted without changing the method signatures and passing
> additional information. This will need an exhaustive audit to ensure no data
> leakage is occurring.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
