[jira] [Created] (KAFKA-9718) Don't log passwords for AlterConfigs requests in request logs

Rajini Sivaram (Jira) Fri, 13 Mar 2020 03:54:29 -0700

Rajini Sivaram created KAFKA-9718:
-------------------------------------

             Summary: Don't log passwords for AlterConfigs requests in request 
logs
                 Key: KAFKA-9718
                 URL: https://issues.apache.org/jira/browse/KAFKA-9718
             Project: Kafka
          Issue Type: Bug
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram
             Fix For: 2.6.0



We currently avoid logging passwords in log files by logging only parsed values 
were passwords are logged as `[hidden]`. But for AlterConfigs requests in 
request logs, we log all entries since they just appear as string entries. 
Since we allow altering password configs like SSL key passwords and JAAS 
config, we shouldn't include these in log files.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (KAFKA-9718) Don't log passwords for AlterConfigs requests in request logs

Reply via email to