[
https://issues.apache.org/jira/browse/NIFI-1558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15171969#comment-15171969
]
Oleg Zhurakousky commented on NIFI-1558:
----------------------------------------
[~joewitt], regardless if the data above is perceived to be sensitive or not
it's coming out of Kafka (not NiFi calling some toString() method) whenever
default log level is INFO. Assuming the logging settings is set to WARN when in
prod, this would be no issue, otherwise we would have to raise the issue with
Kafka. Let me know what you think.
> Kafka processor clients write potentially sensitive info to the logs
> --------------------------------------------------------------------
>
> Key: NIFI-1558
> URL: https://issues.apache.org/jira/browse/NIFI-1558
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
> Affects Versions: 0.5.0
> Reporter: Joseph Witt
> Fix For: 0.6.0
>
>
> I noticed the logs on startup have things like the following. This needs to
> be suppressed as it is of relatively low value but relatively high risk given
> that it appears it would write out ssl key passphrases and such.
> {quote}
> 2016-02-23 21:13:56,626 INFO [pool-29-thread-7]
> o.a.k.clients.producer.ProducerConfig ProducerConfig values:
> compression.type = none
> metric.reporters = []
> metadata.max.age.ms = 300000
> metadata.fetch.timeout.ms = 30000
> reconnect.backoff.ms = 50
> sasl.kerberos.ticket.renew.window.factor = 0.8
> bootstrap.servers = [172.31.8.34:9093]
> retry.backoff.ms = 100
> sasl.kerberos.kinit.cmd = /usr/bin/kinit
> buffer.memory = 1048576
> timeout.ms = 30000
> key.serializer = class
> org.apache.kafka.common.serialization.ByteArraySerializer
> sasl.kerberos.service.name = null
> sasl.kerberos.ticket.renew.jitter = 0.05
> ssl.keystore.type = JKS
> ssl.trustmanager.algorithm = PKIX
> block.on.buffer.full = false
> ssl.key.password = null
> max.block.ms = 60000
> sasl.kerberos.min.time.before.relogin = 60000
> connections.max.idle.ms = 540000
> ssl.truststore.password = null
> max.in.flight.requests.per.connection = 5
> metrics.num.samples = 2
> client.id = NiFi-2243c3f9-bd2b-4bfe-b515-09791ec25c4c
> ssl.endpoint.identification.algorithm = null
> ssl.protocol = TLS
> request.timeout.ms = 30000
> ssl.provider = null
> ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
> acks = 0
> batch.size = 200
> ssl.keystore.location = null
> receive.buffer.bytes = 32768
> ssl.cipher.suites = null
> ssl.truststore.type = JKS
> security.protocol = PLAINTEXT
> retries = 0
> max.request.size = 1048576
> value.serializer = class
> org.apache.kafka.common.serialization.ByteArraySerializer
> ssl.truststore.location = null
> ssl.keystore.password = null
> ssl.keymanager.algorithm = SunX509
> metrics.sample.window.ms = 30000
> partitioner.class = class
> org.apache.kafka.clients.producer.internals.DefaultPartitioner
> send.buffer.bytes = 131072
> linger.ms = 5000
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
