Log4j 2
  1. Log4j 2
  2. LOG4J2-605

NoSQL appender logging password in clear text.

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0-rc1
    • Fix Version/s: 2.0-rc2
    • Component/s: Appenders
    • Labels:
      None

      Description

      When using Mongo NoSQL appender and enabled configuration status =debug, the mongodb password is logged in clear text. Following is sample log statement.

      2014-04-15 11:29:52,008 DEBUG Calling createNoSQLProvider on class org.apache.logging.log4j.core.appender.db.nosql.mongodb.MongoDBProvider for element MongoDb with params(collectionName="log4j", writeConcernConstant="null", writeConcernConstantClass="null", databaseName="logdb", server="localhost", port="27017", username="user", password="pw", factoryClassName="null", factoryMethodName="null").

      However, in below statement it gives passwordhash.

      2014-04-15 11:29:52,476 DEBUG Calling createAppender on class org.apache.logging.log4j.core.appender.db.nosql.NoSQLAppender for element NoSql with params(name="mongo", ignoreExceptions="null", null, bufferSize="null", MongoDb(mongoDb

      { database=logdb, server=localhost, port=270171, username=user, passwordHash=4834821b7ecd2e7b7c571c0488189821 }

      ))

      2014-04-15 11:29:52,477 DEBUG Starting NoSQLDatabaseManager noSqlManager{ description=mongo, bufferSize=0, provider=mongoDb

      { database=logdb, server=localhost, port=27017, username=user, passwordHash=4834821b7ecd2e7b7c571c0488189821 }

      }

      Either the first statement has to be removed (or) change to print passwordhash.

        Activity

        Hide
        Matt Sicker added a comment -

        Less hacky fix in r1587460.

        Show
        Matt Sicker added a comment - Less hacky fix in r1587460.
        Hide
        Matt Sicker added a comment -

        Fixed in r1587457 (trunk).

        Show
        Matt Sicker added a comment - Fixed in r1587457 (trunk).

          People

          • Assignee:
            Matt Sicker
            Reporter:
            Poorna Subhash P
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development