[ https://issues.apache.org/jira/browse/KAFKA-9601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Randall Hauch updated KAFKA-9601:
---------------------------------
    Fix Version/s: 2.4.1
                   2.3.2
                   2.5.0
                   2.2.3
                   2.1.2
                   2.0.2
                   1.1.2
                   1.0.3

> Workers log raw connector configs, including values
> ---------------------------------------------------
>
> Key: KAFKA-9601
> URL: https://issues.apache.org/jira/browse/KAFKA-9601
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Reporter: Chris Egerton
> Assignee: Chris Egerton
> Priority: Critical
> Fix For: 1.0.3, 1.1.2, 2.0.2, 2.1.2, 2.2.3, 2.5.0, 2.3.2, 2.4.1
>
>
> [This line right here|https://github.com/apache/kafka/blob/5359b2e3bc1cf13a301f32490a6630802afc4974/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerConnector.java#L78]
> logs all configs (key and value) for a connector, which is bad, since it can
> lead to secrets (db credentials, cloud storage credentials, etc.) being
> logged in plaintext.
> We can remove this line. Or change it to just log config keys. Or try to do
> some super-fancy parsing that masks sensitive values. Well, hopefully not
> that. That sounds like a lot of work.
> Affects all versions of Connect back through 0.10.1.
>
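
The options named in the issue (log only config keys, or mask sensitive values), shown side by side as an added example that is not part of the issue or of Kafka's code. The class name, the key-name heuristic, and the sample connector config are all assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.regex.Pattern;

public class ConnectorConfigLogDemo {
    // Assumed heuristic for "sensitive" key names; not a list taken from Kafka.
    private static final Pattern SENSITIVE_KEY =
        Pattern.compile("(password|secret|token|credential|\\.key$)");

    // "Just log config keys": no value ever reaches the log line.
    static String keysOnly(Map<String, String> config) {
        return new TreeSet<>(config.keySet()).toString();
    }

    // "Mask sensitive values": hide a value only when its key looks sensitive.
    static String masked(Map<String, String> config) {
        Map<String, String> out = new TreeMap<>();
        for (Map.Entry<String, String> e : config.entrySet()) {
            boolean hide = SENSITIVE_KEY.matcher(e.getKey().toLowerCase(Locale.ROOT)).find();
            out.put(e.getKey(), hide ? "[hidden]" : e.getValue());
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample config; every name and value here is made up.
        Map<String, String> config = new LinkedHashMap<>();
        config.put("name", "orders-sink");
        config.put("connection.user", "svc_orders");
        config.put("connection.password", "EXAMPLE-ONLY-pw");
        config.put("connection.url",
            "jdbc:postgresql://db.example.internal/orders?password=EXAMPLE-ONLY-pw");

        // What the issue describes: keys and values together, secrets in plaintext.
        System.out.println("raw:    " + config);
        // Key-based masking hides connection.password but not the copy in connection.url.
        System.out.println("masked: " + masked(config));
        // Keys only: nothing from any value can leak.
        System.out.println("keys:   " + keysOnly(config));
    }
}
```

The `masked` line still prints the password embedded in `connection.url`, which is why key-based masking is the weaker of the two mitigations.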