[jira] [Commented] (NIFI-1558) Kafka processor clients write potentially sensitive info to the logs

[Oleg Zhurakousky (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-1558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15183849#comment-15183849
 ] 

Oleg Zhurakousky commented on NIFI-1558:
----------------------------------------

[~joewitt] please comment on this one as I believe there is nothing to be done, 
other then resolve with "No Fix".

> Kafka processor clients write potentially sensitive info to the logs
> --------------------------------------------------------------------
>
>                 Key: NIFI-1558
>                 URL: https://issues.apache.org/jira/browse/NIFI-1558
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: 0.5.0
>            Reporter: Joseph Witt
>            Assignee: Oleg Zhurakousky
>             Fix For: 0.6.0
>
>
> I noticed the logs on startup have things like the following.  This needs to 
> be suppressed as it is of relatively low value but relatively high risk given 
> that it appears it would write out ssl key passphrases and such.
> {quote}
> 2016-02-23 21:13:56,626 INFO [pool-29-thread-7] 
> o.a.k.clients.producer.ProducerConfig ProducerConfig values:
>       compression.type = none
>       metric.reporters = []
>       metadata.max.age.ms = 300000
>       metadata.fetch.timeout.ms = 30000
>       reconnect.backoff.ms = 50
>       sasl.kerberos.ticket.renew.window.factor = 0.8
>       bootstrap.servers = [172.31.8.34:9093]
>       retry.backoff.ms = 100
>       sasl.kerberos.kinit.cmd = /usr/bin/kinit
>       buffer.memory = 1048576
>       timeout.ms = 30000
>       key.serializer = class 
> org.apache.kafka.common.serialization.ByteArraySerializer
>       sasl.kerberos.service.name = null
>       sasl.kerberos.ticket.renew.jitter = 0.05
>       ssl.keystore.type = JKS
>       ssl.trustmanager.algorithm = PKIX
>       block.on.buffer.full = false
>       ssl.key.password = null
>       max.block.ms = 60000
>       sasl.kerberos.min.time.before.relogin = 60000
>       connections.max.idle.ms = 540000
>       ssl.truststore.password = null
>       max.in.flight.requests.per.connection = 5
>       metrics.num.samples = 2
>       client.id = NiFi-2243c3f9-bd2b-4bfe-b515-09791ec25c4c
>       ssl.endpoint.identification.algorithm = null
>       ssl.protocol = TLS
>       request.timeout.ms = 30000
>       ssl.provider = null
>       ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
>       acks = 0
>       batch.size = 200
>       ssl.keystore.location = null
>       receive.buffer.bytes = 32768
>       ssl.cipher.suites = null
>       ssl.truststore.type = JKS
>       security.protocol = PLAINTEXT
>       retries = 0
>       max.request.size = 1048576
>       value.serializer = class 
> org.apache.kafka.common.serialization.ByteArraySerializer
>       ssl.truststore.location = null
>       ssl.keystore.password = null
>       ssl.keymanager.algorithm = SunX509
>       metrics.sample.window.ms = 30000
>       partitioner.class = class 
> org.apache.kafka.clients.producer.internals.DefaultPartitioner
>       send.buffer.bytes = 131072
>       linger.ms = 5000
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)