[CSHARP-2749] Driver should hide credentials in exception message Created: 23/Sep/19  Updated: 28/Oct/23  Resolved: 14/Oct/19

Status: Closed
Project: C# Driver
Component/s: Error Handling
Affects Version/s: None
Fix Version/s: 2.9.3

Type: Bug Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Dmitry Lukyanov (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related

 Description   

The C# driver throws an exception when the connection string is not valid. In one case the error message contains the entire connection string, which would include the username/password if present.

See:

https://github.com/mongodb/mongo-csharp-driver/blob/v2.8.1/src/MongoDB.Driver.Core/Core/Configuration/ConnectionString.cs#L671

While this error message does not necessarily mean the username/password is exposed, error messages are often logged, in which case the username/password could be recorded in places where it shouldn't be.



 Comments   
Comment by Githook User [ 16/Oct/19 ]

Author:

{'username': 'DmitryLukyanov', 'email': 'dmitry.lukyanov@mongodb.com', 'name': 'Dmitry Lukyanov'}

Message: CSHARP-2749: Driver should hide credentials in exception message.
Branch: v2.9.x
https://github.com/mongodb/mongo-csharp-driver/commit/bff931c1cca8b98f559a91efb571bb64f51b10a7

Comment by Githook User [ 14/Oct/19 ]

Author:

{'name': 'Dmitry Lukyanov', 'username': 'DmitryLukyanov', 'email': 'dmitry.lukyanov@mongodb.com'}

Message: CSHARP-2749: Driver should hide credentials in exception message.
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/10b6d102f2c593dc11750dc26fa490c8ed61a27f

Generated at Wed Feb 07 21:43:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.