Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Unknown
Fix Version/s: None
Component/s: Logging
Labels:
None

Driver Changes:
Needed
Case:

Summary

Driver connection string parsing logic can lead to secrets being printed to logs: ~~PYTHON-4588~~, this has also been observed in the Java Sync driver as well(no ticket filed) Additionally we've seen this in at least one other case: ~~GODRIVER-3134~~

Motivation

Who is the affected end user?

Generally affects a business as a security risk.

How does this affect the end user?

It's a security risk

How likely is it that this problem or use case will occur?

Edge case

If the problem does occur, what are the consequences and how severe are they?

Depending on the institution(banks, government), it could outright block development if its observed.

Is this issue urgent?

No timeline

Is this ticket required by a downstream team?

Is this ticket only for tests?

Addressing this ticket for each driver would address a security risk.

Acceptance Criteria

is related to

PYTHON-4588 Connection string parser allows invalid passwords, prints passwords

Closed

related to

JAVA-5560 IllegalArgumentException thrown from ConnectionString could contain sensitive data in its message

Closed

Assignee:: Unassigned

Reporter:: Khalen Fredieu

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: Jul 29 2024 01:23:03 PM UTC

Updated:: Jul 31 2024 06:16:21 PM UTC

Details

Description

Summary

Motivation

Who is the affected end user?

How does this affect the end user?

How likely is it that this problem or use case will occur?

If the problem does occur, what are the consequences and how severe are they?

Is this issue urgent?

Is this ticket required by a downstream team?

Is this ticket only for tests?

Acceptance Criteria

Attachments

Issue Links

Activity

People

Dates