[CSHARP-2749] Driver should hide credentials in exception message Created: 23/Sep/19 Updated: 28/Oct/23 Resolved: 14/Oct/19 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | Error Handling |
| Affects Version/s: | None |
| Fix Version/s: | 2.9.3 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Jeffrey Yemin | Assignee: | Dmitry Lukyanov (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Description |
|
The C# driver throws an exception when the connection string is not valid. In one case the error message contains the entire connection string, which would include the username/password if present. See: While this error message does not necessarily mean the username/password is exposed, error messages are often logged, in which case the username/password could be recorded in places where it shouldn't be. |
| Comments |
| Comment by Githook User [ 16/Oct/19 ] |
|
Author: {'username': 'DmitryLukyanov', 'email': 'dmitry.lukyanov@mongodb.com', 'name': 'Dmitry Lukyanov'}Message: |
| Comment by Githook User [ 14/Oct/19 ] |
|
Author: {'name': 'Dmitry Lukyanov', 'username': 'DmitryLukyanov', 'email': 'dmitry.lukyanov@mongodb.com'}Message: |