Victor Chen created CASSANDRA-9682:
--------------------------------------
Summary: setting log4j.logger.org.apache.cassandra=DEBUG causes
keyspace username/password to show up in system.log
Key: CASSANDRA-9682
URL: https://issues.apache.org/jira/browse/CASSANDRA-9682
Project: Cassandra
Issue Type: Improvement
Environment: running on linux
Reporter: Victor Chen
if using a third party log aggregator (which many cloud users use), this causes
db credentials to be reproduced offsite, which has potential to be security
issue.
example system.log entry:
{noformat}
DEBUG [Native-Transport-Requests:373] 2015-06-21 07:52:44,595 Message.java
(line 326) Responding: AUTHENTICATE
org.apache.cassandra.auth.PasswordAuthenticator, v=1
DEBUG [Native-Transport-Requests:384] 2015-06-21 07:52:44,597 Message.java
(line 319) Received: CREDENTIALS {username=redacted, password=redacted}, v=1
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
