[jira] [Created] (BROOKLYN-269) Sensitive external values exposed in debug logs when using external config supplier

John McCabe (JIRA) Wed, 18 May 2016 01:14:56 -0700

John McCabe created BROOKLYN-269:
------------------------------------

             Summary: Sensitive external values exposed in debug logs when 
using external config supplier
                 Key: BROOKLYN-269
                 URL: https://issues.apache.org/jira/browse/BROOKLYN-269
             Project: Brooklyn
          Issue Type: Bug
    Affects Versions: 0.10.0
            Reporter: John McCabe



Passwords etc are exposed in debug logs when using an external config supplied, 
in this case 
{{org.apache.brooklyn.core.config.external.InPlaceExternalConfigSupplier}}

{code}
    password: $brooklyn:external("my-credentials", "supersecretpassword")
{code}

{code}
2016-05-18 07:51:27,979 DEBUG o.a.b.c.b.s.d.BrooklynDslDeferredSupplier 
[brooklyn-execmanager-ajTGRUqW-212]: Resolved supersecretpassword from 
$brooklyn:external("my-credentials", "password")
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (BROOKLYN-269) Sensitive external values exposed in debug logs when using external config supplier

Reply via email to