Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Elasticsearch credentials are printed in startup log #4804

Closed
lennartkoopmann opened this issue May 23, 2018 · 1 comment
Closed

Elasticsearch credentials are printed in startup log #4804

lennartkoopmann opened this issue May 23, 2018 · 1 comment
Assignees
Milestone

Comments

@lennartkoopmann
Copy link
Member

@lennartkoopmann lennartkoopmann commented May 23, 2018

When starting Graylog, the full URI to all Elasticsearch servers in the pool is printed and it includes the authentication credentials.

[AbstractJestClient] Setting server pool to a list of 1 servers: [http://johndoe:secret@127.0.0.1:9200]

Authentication credentials should never be printed anywhere.

joschi pushed a commit to graylog-labs/Jest that referenced this issue May 24, 2018
Jochen Schalanda
As a best practice, access credentials such as the user info in the URI of Elasticsearch node URIs
should never be logged in plaintext.

Refs Graylog2/graylog2-server#4804
joschi pushed a commit to graylog-labs/Jest that referenced this issue May 24, 2018
Jochen Schalanda
As a best practice, access credentials such as the user info in the URI of Elasticsearch node URIs
should never be logged in plaintext.

Refs Graylog2/graylog2-server#4804

(cherry picked from commit 55ad3d5)
joschi pushed a commit to graylog-labs/Jest that referenced this issue May 24, 2018
Jochen Schalanda
As a best practice, access credentials such as the user info in the URI of Elasticsearch node URIs
should never be logged in plaintext.

Refs Graylog2/graylog2-server#4804

(cherry picked from commit 55ad3d5)
@joschi
Copy link
Contributor

@joschi joschi commented May 24, 2018

@joschi joschi self-assigned this May 24, 2018
@joschi joschi added this to the 3.0.0 milestone May 24, 2018
joschi pushed a commit that referenced this issue May 24, 2018
Jochen Schalanda
@bernd bernd added the security label May 24, 2018
@bernd bernd closed this in #4805 May 24, 2018
bernd added a commit that referenced this issue May 24, 2018
joschi added a commit that referenced this issue May 24, 2018
Fixes #4804
Refs #4805
Refs searchbox-io/Jest#592
Refs graylog-labs/Jest@55ad3d5

(cherry picked from commit 11cad1f)
bernd added a commit that referenced this issue May 24, 2018
Fixes #4804
Refs #4805
Refs searchbox-io/Jest#592
Refs graylog-labs/Jest@55ad3d5

(cherry picked from commit 11cad1f)
@bernd bernd modified the milestones: 3.0.0, 2.4.5 May 25, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants