[
https://issues.apache.org/jira/browse/KAFKA-9718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17058977#comment-17058977
]
ASF GitHub Bot commented on KAFKA-9718:
---------------------------------------
rajinisivaram commented on pull request #8294: KAFKA-9718; Don't log passwords
for AlterConfigs in request logs
URL: https://github.com/apache/kafka/pull/8294
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Don't log passwords for AlterConfigs requests in request logs
> -------------------------------------------------------------
>
> Key: KAFKA-9718
> URL: https://issues.apache.org/jira/browse/KAFKA-9718
> Project: Kafka
> Issue Type: Bug
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Major
> Fix For: 2.6.0
>
>
> We currently avoid logging passwords in log files by logging only parsed
> values were passwords are logged as `[hidden]`. But for AlterConfigs requests
> in request logs, we log all entries since they just appear as string entries.
> Since we allow altering password configs like SSL key passwords and JAAS
> config, we shouldn't include these in log files.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
