Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DB password exposed in the log when db connect failed. #228

Closed
aqan213 opened this issue Dec 3, 2019 · 1 comment
Closed

DB password exposed in the log when db connect failed. #228

aqan213 opened this issue Dec 3, 2019 · 1 comment
Assignees
@aqan213

Comments

@aqan213
Copy link
Contributor

aqan213 commented Dec 3, 2019

When failed to connect db, the db password will be exposed in the log file, it's a secure issue.
Error logs:

2019/12/03 07:37:39 failed-to-connection-to-database, dburl:postgres://xxx:xxx@autoscalerpostgres.service.cf.internal:5432/autoscaler?sslmode=verify-full&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/scalingengine_db/ca.crt,  err:pq: password authentication failed for user "xxx"
failed to connect to database:

Checking the code and found the below line will print the DB url with password:

app-autoscaler-release/src/changeloglockcleaner/sqldb/changelogdb.go

Line 28 in 37f28f8

log.Printf("failed-to-connection-to-database, dburl:%s, err:%s\n", dbUrl, err)

@aqan213 aqan213 self-assigned this Dec 3, 2019
@aqan213 aqan213 mentioned this issue Dec 3, 2019
Merged
@aqan213
Copy link
Contributor Author

aqan213 commented Jan 8, 2020

The pull request was merged. Close it.

@aqan213 aqan213 closed this as completed Jan 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aqan213 aqan213

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aqan213