Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed masking passwords in a map used for logging in admingui + added warning to documentation #25144

Merged
merged 2 commits into from
Sep 14, 2024
Merged

Fixed masking passwords in a map used for logging in admingui + added warning to documentation #25144

merged 2 commits into from
Sep 14, 2024

Conversation

dmatej
Copy link
Contributor

@dmatej dmatej commented Sep 13, 2024

  • This was discussed on GitLab - the bug was reported there
  • I added warning about sharing logs into documentation on three appropriate places:
    • To the introduction of the logging documentation
    • To the part about configuring log levels
    • To the list of recommendations in the security guide
  • In general passwords are not the only thing which can be misused to compromise some production system. People should be careful when they share logs, especially when they configured more verbose log levels. Internal host names, distinguished names of internal certificates, dumped HTTP communication, TLS negotiations, ....

@dmatej
Minimalistic fix to avoid printing passwords into logs
e39fe55 
- Passwords were masked off, but then it logged the original map.

Signed-off-by: David Matějček <david.matejcek@omnifish.ee>
@dmatej
Added warnings to documentation about sharing sensitive information i…
9574760 
…n logs

Signed-off-by: David Matějček <david.matejcek@omnifish.ee>
@dmatej dmatej added bug Something isn't working Documentation labels Sep 13, 2024
@dmatej dmatej added this to the 7.0.18 milestone Sep 13, 2024
@dmatej dmatej self-assigned this Sep 13, 2024
@dmatej dmatej merged commit 6ed2f5b into eclipse-ee4j:master Sep 14, 2024
2 checks passed
@dmatej dmatej deleted the passwords branch September 17, 2024 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@avpinchuk avpinchuk avpinchuk approved these changes

@arjantijms arjantijms Awaiting requested review from arjantijms

@pzygielo pzygielo Awaiting requested review from pzygielo

@hs536 hs536 Awaiting requested review from hs536

@kaido207 kaido207 Awaiting requested review from kaido207

Assignees

@dmatej dmatej

Labels
bug Something isn't working Documentation
Projects
None yet
Milestone
7.0.18
Development

Successfully merging this pull request may close these issues.
2 participants
@dmatej @avpinchuk