potiuk commented on issue #16007: URL: https://github.com/apache/airflow/issues/16007#issuecomment-848063303
Why don't we do a bit "smarter' formatting. I know it's adding complexity but I think it could work better if for short passwords (1-3 letters) we only replace whole words. That would require a regexp matching (so lilkely slower with [\W^]PASS[\W$] or smth. but it would handle all the cases where we have `password:ab` or `ab`. Again - not very strong on it the empty case handles most problems, the "short password" is mostly a test/edge case., just trying to see if we can brainstorm on finding simple yet effective protection. My current thinking. When I consider edge cases, for sure it makes very little sense to replace 1 character passwords (there is no point in that, really) so we could exclude 1-character passwords immediately (and they are sometimes - quite often even used in test systems when you need non-empty password but you have no minimum length). Two characters are not likely to be good passwords neither for test nor for any real use so maybe we should not worry about those. How about excluding all passwords with length `<=1` ? That might protect against VAST majority of cases where log output will be weird. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
