DaanHoogland commented on code in PR #12006:
URL: https://github.com/apache/cloudstack/pull/12006#discussion_r2499321164
##########
server/src/main/java/com/cloud/servlet/ConsoleProxyServlet.java:
##########
@@ -534,7 +534,7 @@ private boolean verifyRequest(Map<String, Object[]>
requestParameters) {
// if api/secret key are passed to the parameters
if ((signature == null) || (apiKey == null)) {
if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("expired session, missing signature, or
missing apiKey -- ignoring request...sig: " + signature + ", apiKey: " +
apiKey);
+ LOGGER.debug("expired session, missing signature, or
missing apiKey -- ignoring request");
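Review bot: with the concatenation gone from the `+` line, the `if (LOGGER.isDebugEnabled())` guard around it no longer saves anything, because the argument is now a constant string; the guard can be dropped. The new message also no longer says which of the two values was absent. Logging only the results of the null checks (`signature == null`, `apiKey == null`) would keep that diagnostic without writing either value to the log.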
Review Comment:
Why do you consider this one harmful? If so, this is going over the
connection as well. The apikey should not be a secret and the signature is
generated from the apikey and the secretkey, so it should not give any information.
##########
core/src/main/java/com/cloud/storage/template/HttpTemplateDownloader.java:
##########
@@ -151,7 +151,7 @@ private void checkCredentials(String user, String password)
{
client.getParams().setAuthenticationPreemptive(true);
Credentials defaultcreds = new
UsernamePasswordCredentials(user, password);
client.getState().setCredentials(new
AuthScope(hostAndPort.first(), hostAndPort.second(), AuthScope.ANY_REALM),
defaultcreds);
- logger.info("Added username=" + user + ", password=" +
password + "for host " + hostAndPort.first() + ":" + hostAndPort.second());
+ logger.info("Added username=" + user + ", password=******" + "
for host " + hostAndPort.first() + ":" + hostAndPort.second());
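Review bot: in the `+` line, `", password=******"` and `" for host "` are two adjacent literals joined with `+`; merge them into one literal. Because the mask is a constant, the `password=` field tells the reader of the log nothing, so consider dropping it or logging only whether a password was supplied. The `user` and `hostAndPort` values are still assembled by string concatenation at info level; if this logger supports `{}` placeholders, use them here.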
Review Comment:
```suggestion
logger.info("Added username={}, password=****** for host {}:{}", user, hostAndPort.first(), hostAndPort.second());
```
##########
agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java:
##########
@@ -331,7 +331,7 @@ private void launchConsoleProxy(final byte[] ksBits, final
String ksPassword, fi
final Object resource = this;
logger.info("Building class loader for
com.cloud.consoleproxy.ConsoleProxy");
if (consoleProxyMain == null) {
- logger.info("Running com.cloud.consoleproxy.ConsoleProxy with
encryptor password={}", encryptorPassword);
+ logger.info("Running com.cloud.consoleproxy.ConsoleProxy with
encryptor password={}", "******");
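Review bot: the `+` line passes the constant `"******"` as the argument for `{}`, so the placeholder does no work; put the mask in the message text or drop the `password=` part altogether. If the purpose of the line is to confirm that an encryptor password was received, logging whether `encryptorPassword` is null or empty says more than a fixed mask does.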
Review Comment:
```suggestion
logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password=******");
```
##########
engine/schema/src/main/java/com/cloud/upgrade/DatabaseCreator.java:
##########
@@ -99,7 +99,7 @@ private static void initDB(String dbPropsFile, String
rootPassword, String[] dat
String username =
dbProperties.getProperty(String.format("db.%s.username", database));
String password =
dbProperties.getProperty(String.format("db.%s.password", database));
String dbName =
dbProperties.getProperty(String.format("db.%s.name", database));
- System.out.println(String.format("========> Initializing
database=%s with host=%s port=%s username=%s password=%s", dbName, host, port,
username, password));
+ System.out.println(String.format("========> Initializing
database=%s with host=%s port=%s username=%s password=%s", dbName, host, port,
username, "******"));
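Review bot: the `+` line still routes the mask through `%s` by passing `"******"` as the last `String.format` argument; write the mask into the format string and drop the argument. After this change the `password` local read from `db.%s.password` in the context lines is no longer used by this statement, so check that the rest of `initDB` still needs it at this point. The statement continues to print `host`, `port` and `username` to standard output, which is worth confirming as intended.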
Review Comment:
```suggestion
System.out.println(String.format("========> Initializing database=%s with host=%s port=%s username=%s password=******", dbName, host, port, username));
```