  1. HttpComponents HttpClient
  2. HTTPCLIENT-2138

Debug Log level logs sensitive information


Details

    • Type: Wish
    • Status: Resolved
    • Priority: Minor
    • Resolution: Not A Problem
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: HttpClient (classic)
    • Labels: None

    Description

      When I enable debug level logging, I see

      ```
      [2021-01-20 18:02:35,862] DEBUG http-outgoing-0 >> Authorization: Basic <CREDENTIALS_APPEAR_HEAR_IN_BASE64> (org.apache.http.headers:139)
      [2021-01-20 18:02:35,884] DEBUG http-outgoing-0 >> "Authorization: Basic <CREDENTIALS_APPEAR_HEAR_IN_BASE64>[\r][\n]" (org.apache.http.wire:54)
      [2021-01-20 18:02:35,899] DEBUG http-outgoing-0 << " <title>Unauthorized (401)</title>[\n]" (org.apache.http.wire:54)
      ```

      If agreed, I can open a PR to mask secrets in the debug log. If that makes the log less useful, I can at least make this configurable, since in my case it is a security violation to have any secrets whatsoever in the logs.

      People

        Assignee: Unassigned
        Reporter: Cyrus Vafadari (cyrusv)
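For log files that already contain such lines, the credential can be masked and the leak reported after the fact. The following is an added example, not code from this issue or from the HttpClient project: it post-processes log text rather than masking inside the library as the reporter proposed. The names `redact_line` and `scrub` and the `[REDACTED]` marker are hypothetical, and the sample lines are constructed in the format quoted in the description.

```python
import re

# Matches a credential-bearing header in HttpClient "headers" and "wire" debug
# lines: header name, auth scheme, then the credential token itself.
AUTH_RE = re.compile(
    r'(?P<prefix>\b(?:Proxy-)?Authorization:\s*(?P<scheme>[A-Za-z]+)\s+)'
    r'(?P<secret>[^\s"\[\]]+)',
    re.IGNORECASE,
)
# Logger name as it ends each line on this page, e.g. "(org.apache.http.wire:54)".
LOGGER_RE = re.compile(r'\((?P<logger>[\w.]+):\d+\)\s*$')

def redact_line(line):
    """Return (redacted_line, finding); finding is None if nothing leaked."""
    m = AUTH_RE.search(line)
    if not m:
        return line, None
    lg = LOGGER_RE.search(line)
    finding = {"scheme": m.group("scheme"),
               "logger": lg.group("logger") if lg else "unknown"}
    # Keep the header name and scheme for debugging value, drop only the token.
    redacted = AUTH_RE.sub(lambda x: x.group("prefix") + "[REDACTED]", line)
    return redacted, finding

def scrub(lines):
    """Redact all lines; return (clean_lines, findings with 1-based line numbers)."""
    clean, findings = [], []
    for n, line in enumerate(lines, 1):
        out, f = redact_line(line)
        clean.append(out)
        if f:
            findings.append({"line": n, **f})
    return clean, findings

# Constructed sample in the format quoted above; the token is base64 of the
# made-up pair "user:example-pass", not a real credential.
SAMPLE = [
    '[2021-01-20 18:02:35,862] DEBUG http-outgoing-0 >> Authorization: Basic dXNlcjpleGFtcGxlLXBhc3M= (org.apache.http.headers:139)',
    '[2021-01-20 18:02:35,884] DEBUG http-outgoing-0 >> "Authorization: Basic dXNlcjpleGFtcGxlLXBhc3M=[\\r][\\n]" (org.apache.http.wire:54)',
    '[2021-01-20 18:02:35,899] DEBUG http-outgoing-0 << " <title>Unauthorized (401)</title>[\\n]" (org.apache.http.wire:54)',
]

if __name__ == "__main__":
    clean, findings = scrub(SAMPLE)
    print("\n".join(clean))
    print(findings)
```

The findings show that the same credential is written twice per request, once by `org.apache.http.headers` and once by `org.apache.http.wire`, so both loggers have to be covered by whatever control is applied.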