[
https://issues.apache.org/jira/browse/FLINK-38815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18045827#comment-18045827
]
dengxaing commented on FLINK-38815:
-----------------------------------
[~chesnay] The debug log contains sensitive information of data security cookie
certification in task manager and jobmanager. It will print the password,
algorithms, and so on. This issue was introduced in [FLINK-23061].
> The debug log will print the sensitive information of data security cookie
> certification in task manager and jobmanager
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: FLINK-38815
> URL: https://issues.apache.org/jira/browse/FLINK-38815
> Project: Flink
> Issue Type: Bug
> Components: Runtime / RPC
> Affects Versions: 2.0.0, 1.20.0, 2.1.0, 2.2.0, 2.3.0
> Reporter: dengxaing
> Priority: Critical
>
> The debug log contains sensitive information of data security cookie
> certification in task manager and jobmanager. It will print the password,
> algorithms, and so on.
>
> {code:java}
> private static ActorSystem startActorSystem(
>         Config config, String actorSystemName, Logger logger) {
>     logger.debug("Using pekko configuration\n {}", config);
>     ActorSystem actorSystem =
>             PekkoUtils.createActorSystem(actorSystemName, config);
>     logger.info("Actor system started at {}", PekkoUtils.getAddress(actorSystem));
>     return actorSystem;
> }
> {code}
>
> This section will print all the information in the config because the code
> constructed by config uses the toString method:
>
> {code:java}
> private static class ConfigBuilder {
>     private final StringWriter stringWriter = new StringWriter();
>     private final PrintWriter printWriter = new PrintWriter(stringWriter);
>
>     public ConfigBuilder add(String configLine) {
>         printWriter.println(configLine);
>         return this;
>     }
>
>     public Config build() {
>         return ConfigFactory.parseString(stringWriter.toString()).resolve();
>     }
> }
> {code}
> The build code for config is as follows:
> {code:java}
> configBuilder
>         .add("pekko {")
>         .add(" remote.classic {")
>         .add(" enabled-transports = [\"pekko.remote.classic.netty.ssl\"]")
>         .add(" netty {")
>         .add(" ssl = ${pekko.remote.classic.netty.tcp}")
>         .add(" ssl {")
>         .add(" enable-ssl = " + enableSSL)
>         .add(" ssl-engine-provider = " + sslEngineProviderName)
>         .add(" security {")
>         .add(" key-store = \"" + sslKeyStore + "\"")
>         .add(" key-store-password = \"" + sslKeyStorePassword + "\"")
>         .add(" key-store-type = \"" + sslKeyStoreType + "\"")
>         .add(" key-password = \"" + sslKeyPassword + "\"")
>         .add(" trust-store = \"" + sslTrustStore + "\"")
>         .add(" trust-store-password = \"" + sslTrustStorePassword + "\"")
>         .add(" trust-store-type = \"" + sslTrustStoreType + "\"")
>         .add(" protocol = " + sslProtocol + "")
>         .add(" enabled-algorithms = " + sslAlgorithms + "")
>         .add(" random-number-generator = \"\"")
>         .add(" require-mutual-authentication = on")
>         .add(" cert-fingerprints = " + sslCertFingerprints + "")
>         .add(" }")
>         .add(" }")
>         .add(" }")
>         .add(" }")
>         .add("}");
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
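
One way to keep the keystore and truststore passwords out of the debug output, as an added example that is not part of the issue or of Flink's code: log a redacted copy of the Typesafe Config object instead of the object itself. The class name `ConfigRedactor`, the rule "a path ending in `password` is secret" and the sample values are assumptions made for this sketch.

```java
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import com.typesafe.config.ConfigRenderOptions;
import com.typesafe.config.ConfigValue;
import com.typesafe.config.ConfigValueFactory;
import java.util.Map;

/** Added example (hypothetical class, not Flink code): mask secrets before a Config is logged. */
public final class ConfigRedactor {
    private static final ConfigValue MASK = ConfigValueFactory.fromAnyRef("******");

    /** Assumption: a leaf whose path ends in "password" is secret; extend the rule as needed. */
    static boolean isSensitive(String path) {
        return path.endsWith("password");
    }

    /** Returns a copy of the config with every sensitive leaf replaced by the mask. */
    static Config redact(Config config) {
        Config redacted = config;
        // entrySet() flattens the tree into (path expression, leaf value) pairs.
        for (Map.Entry<String, ConfigValue> entry : config.entrySet()) {
            if (isSensitive(entry.getKey())) {
                redacted = redacted.withValue(entry.getKey(), MASK);
            }
        }
        return redacted;
    }

    /** Renders the redacted copy; this string is what may be handed to logger.debug(). */
    static String renderForLog(Config config) {
        return redact(config).root().render(ConfigRenderOptions.concise().setFormatted(true));
    }

    public static void main(String[] args) {
        // Constructed sample values, mirroring the key names quoted in the issue.
        Config config = ConfigFactory.parseString(String.join("\n",
                "pekko.remote.classic.netty.ssl.security {",
                "  key-store = \"/constructed/path/keystore.jks\"",
                "  key-store-password = \"sample-ks-secret\"",
                "  key-password = \"sample-key-secret\"",
                "  trust-store-password = \"sample-ts-secret\"",
                "  protocol = \"TLSv1.2\"",
                "}")).resolve();
        String rendered = renderForLog(config);
        if (rendered.contains("secret")) {
            throw new AssertionError("secret leaked into log output");
        }
        System.out.println(rendered);
    }
}
```

With this in place, the debug statement quoted in the issue would pass `renderForLog(config)` rather than `config`, while the unredacted object is still the one given to `PekkoUtils.createActorSystem`.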