Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-3093

Connection string is displayed with password in logs if it contains an invalid key

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.9.1
    • Affects Version/s: 3.6.4, 3.7.1, 3.9.0
    • Component/s: Security
    • Labels:
      None
    • Minor Change

      Sample Code to recreate:

      String  mongoUriString= "mongodb://username123:password123@abcmongo1.cloud,abcmongo2.cloud,abcmongo3.cloud/database123?replicaSet=mongorepl1&adsada=1000"

      MongoClientURI mongoClientURI = new MongoClientURI(mongoUriString)

       

      The above code will log,

      2018-11-14 15:18:53.692 WARN docgen — [ost-startStop-1] org.mongodb.driver.uri : Unsupported option 'adsada' in the connection string 'mongodb://username123:password123@abcmongo1.cloud,abcmongo2.cloud,abcmongo3.cloud/database123?replicaSet=mongorepl1&adsada=1000'.

       

      I think we should not be logging the connection string in the log.

            Assignee:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Reporter:
            ravinatesan Ravi Natesan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: