-
Type: Task
-
Resolution: Unresolved
-
Priority: Unknown
-
None
-
Component/s: Logging
-
None
-
Needed
-
(copied to CRM)
Summary
Driver connection string parsing logic can lead to secrets being printed to logs: PYTHON-4588, this has also been observed in the Java Sync driver as well(no ticket filed) Additionally we've seen this in at least one other case: GODRIVER-3134
Motivation
Who is the affected end user?
Generally affects a business as a security risk.
How does this affect the end user?
It's a security risk
How likely is it that this problem or use case will occur?
Edge case
If the problem does occur, what are the consequences and how severe are they?
Depending on the institution(banks, government), it could outright block development if its observed.
Is this issue urgent?
No timeline
Is this ticket required by a downstream team?
No
Is this ticket only for tests?
Addressing this ticket for each driver would address a security risk.
Acceptance Criteria
<>
- is related to
-
PYTHON-4588 Connection string parser allows invalid passwords, prints passwords
- Closed
- related to
-
JAVA-5560 IllegalArgumentException thrown from ConnectionString could contain sensitive data in its message
- Closed