Connection string is displayed with password in logs if it contains an invalid key

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.9.1
    • Affects Version/s: 3.6.4, 3.7.1, 3.9.0
    • Component/s: Security
    • None
    • None
    • Minor Change
    • None
    • None
    • None
    • None
    • None
    • None

      Sample Code to recreate:

      String  mongoUriString= "mongodb://username123:password123@abcmongo1.cloud,abcmongo2.cloud,abcmongo3.cloud/database123?replicaSet=mongorepl1&adsada=1000"

      MongoClientURI mongoClientURI = new MongoClientURI(mongoUriString)

       

      The above code will log,

      2018-11-14 15:18:53.692 WARN docgen — [ost-startStop-1] org.mongodb.driver.uri : Unsupported option 'adsada' in the connection string 'mongodb://username123:password123@abcmongo1.cloud,abcmongo2.cloud,abcmongo3.cloud/database123?replicaSet=mongorepl1&adsada=1000'.

       

      I think we should not be logging the connection string in the log.

              Assignee:
              Jeffrey Yemin
              Reporter:
              Ravi Natesan
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: