GitHub user user1500177 created a discussion: How to Mask Passwords in Superset
Action Log (DatabaseRestApi.import_)
I'm running Apache Superset and want to ensure that sensitive information,
especially passwords, are not logged in the Action Log (the logs table in the
metadata database).
The main concern is with the /api/v1/database/import/ endpoint, which logs the
database password in the
[json](vscode-file://vscode-app/c:/Users/kevin.paulson/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/code/electron-browser/workbench/workbench.html)
column.
How to hide or mask the passwords alone in the most efficient WAY?
I did the follwoing , IS there a better alternative without recursion ?
class MaskPasswordsEventLogger(DBEventLogger):
def _mask_sensitive(self, data):
try:
if isinstance(data, dict):
return {
k: (
"***MASKED***" if k.lower() in {"password",
"passwords", "db_password", "access_token", "secret"}
else self._mask_sensitive(v)
)
for k, v in data.items()
}
elif isinstance(data, list):
return [self._mask_sensitive(item) for item in data]
else:
return data
except Exception as e:
import logging
logging.warning(f"Error masking sensitive data: {e}")
return data
def log(self, user_id, action, *args, **kwargs):
try:
masked_kwargs = self._mask_sensitive(kwargs)
super().log(user_id, action, *args, **masked_kwargs)
except Exception as e:
import logging
logging.warning(f"Error in custom event logger: {e}")
GitHub link: https://github.com/apache/superset/discussions/35415
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
