Log4j 2
  1. Log4j 2
  2. LOG4J2-605

NoSQL appender logging password in clear text.

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0-rc1
    • Fix Version/s: 2.0-rc2
    • Component/s: Appenders
    • Labels:
      None

      Description

      When using Mongo NoSQL appender and enabled configuration status =debug, the mongodb password is logged in clear text. Following is sample log statement.

      2014-04-15 11:29:52,008 DEBUG Calling createNoSQLProvider on class org.apache.logging.log4j.core.appender.db.nosql.mongodb.MongoDBProvider for element MongoDb with params(collectionName="log4j", writeConcernConstant="null", writeConcernConstantClass="null", databaseName="logdb", server="localhost", port="27017", username="user", password="pw", factoryClassName="null", factoryMethodName="null").

      However, in below statement it gives passwordhash.

      2014-04-15 11:29:52,476 DEBUG Calling createAppender on class org.apache.logging.log4j.core.appender.db.nosql.NoSQLAppender for element NoSql with params(name="mongo", ignoreExceptions="null", null, bufferSize="null", MongoDb(mongoDb

      { database=logdb, server=localhost, port=270171, username=user, passwordHash=4834821b7ecd2e7b7c571c0488189821 }

      ))

      2014-04-15 11:29:52,477 DEBUG Starting NoSQLDatabaseManager noSqlManager{ description=mongo, bufferSize=0, provider=mongoDb

      { database=logdb, server=localhost, port=27017, username=user, passwordHash=4834821b7ecd2e7b7c571c0488189821 }

      }

      Either the first statement has to be removed (or) change to print passwordhash.

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        50m 50s 1 Matt Sicker 15/Apr/14 08:11
        Hide
        Matt Sicker added a comment -

        Less hacky fix in r1587460.

        Show
        Matt Sicker added a comment - Less hacky fix in r1587460.
        Matt Sicker made changes -
        Field Original Value New Value
        Resolution Fixed [ 1 ]
        Fix Version/s 2.0-rc2 [ 12326292 ]
        Assignee Matt Sicker [ jvz ]
        Status Open [ 1 ] Resolved [ 5 ]
        Hide
        Matt Sicker added a comment -

        Fixed in r1587457 (trunk).

        Show
        Matt Sicker added a comment - Fixed in r1587457 (trunk).
        Poorna Subhash P created issue -

          People

          • Assignee:
            Matt Sicker
            Reporter:
            Poorna Subhash P
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development