To be clear, this isnt simply some regular logging done at trace level but rather a low-level protocol-frame log that's only enabled and output at trace level upon express request, which you have.
It would have to parse the wire payload to obfuscate it, which the bits doing this simply dont really know how to, as it's just considered a bunch of opaque payload bytes to it at that point. To omit it could often defeat the point of needing to see the low level protocol frame traffic. I dont particular fancy making this configurable, but I guess we could look into it to see how ugly it would be. For now, to avoid such protocol-frame output, dont enable the protocol-frame log. On Thu, 1 Apr 2021 at 12:07, akabhishek1 <[email protected]> wrote: > > Hi Team, > > We are using qpid-jms-client-57.0 to receive message from ServiceBus. We > need to enable TRACE level logging for issue identification. > > While enabling TRACE level logging, we realized that credentials are getting > logged at TRACE level which is a security breach. > > Can I request you to remove/mask credential while getting logged? > > Sample TRACE log - > 2021-04-01 11:56:37,963 [AmqpProvider > :(1):[amqps://****.servicebus.windows.net:-1]] TRACE > org.apache.qpid.jms.provider.amqp.FRAMES - [476759868:0] SENT: > SaslInit{mechanism=PLAIN, > initialResponse=\x00**USER_NAME\x00****CREDENTIAL********, > hostname='*******.servicebus.windows.net'} > > Please let me know for any concern. > > Regards, > Abhishek Kumar > > > > > -- > Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
