Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-605

NoSQL appender logging password in clear text.

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.0-rc1
    • 2.0-rc2
    • Appenders
    • None

    Description

      When using Mongo NoSQL appender and enabled configuration status =debug, the mongodb password is logged in clear text. Following is sample log statement.

      2014-04-15 11:29:52,008 DEBUG Calling createNoSQLProvider on class org.apache.logging.log4j.core.appender.db.nosql.mongodb.MongoDBProvider for element MongoDb with params(collectionName="log4j", writeConcernConstant="null", writeConcernConstantClass="null", databaseName="logdb", server="localhost", port="27017", username="user", password="pw", factoryClassName="null", factoryMethodName="null").

      However, in below statement it gives passwordhash.

      2014-04-15 11:29:52,476 DEBUG Calling createAppender on class org.apache.logging.log4j.core.appender.db.nosql.NoSQLAppender for element NoSql with params(name="mongo", ignoreExceptions="null", null, bufferSize="null", MongoDb(mongoDb

      { database=logdb, server=localhost, port=270171, username=user, passwordHash=4834821b7ecd2e7b7c571c0488189821 }

      ))

      2014-04-15 11:29:52,477 DEBUG Starting NoSQLDatabaseManager noSqlManager{ description=mongo, bufferSize=0, provider=mongoDb

      { database=logdb, server=localhost, port=27017, username=user, passwordHash=4834821b7ecd2e7b7c571c0488189821 }

      }

      Either the first statement has to be removed (or) change to print passwordhash.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            mattsicker Matt Sicker
            poorna1 Poorna Subhash P
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment