[JAVA-3093] Connection string is displayed with password in logs if it contains an invalid key Created: 14/Nov/18 Updated: 28/Oct/23 Resolved: 15/Nov/18 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Security |
| Affects Version/s: | 3.6.4, 3.7.1, 3.9.0 |
| Fix Version/s: | 3.9.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Ravi Natesan | Assignee: | Jeffrey Yemin |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Minor Change | ||||
| Description |
|
Sample Code to recreate: String mongoUriString= "mongodb://username123:password123@abcmongo1.cloud,abcmongo2.cloud,abcmongo3.cloud/database123?replicaSet=mongorepl1&adsada=1000" MongoClientURI mongoClientURI = new MongoClientURI(mongoUriString)
The above code will log, 2018-11-14 15:18:53.692 WARN docgen — [ost-startStop-1] org.mongodb.driver.uri : Unsupported option 'adsada' in the connection string 'mongodb://username123:password123@abcmongo1.cloud,abcmongo2.cloud,abcmongo3.cloud/database123?replicaSet=mongorepl1&adsada=1000'.
I think we should not be logging the connection string in the log. |
| Comments |
| Comment by Ravi Natesan [ 15/Nov/18 ] |
|
Thanks Jeff for fixing it quickly!! |
| Comment by Githook User [ 15/Nov/18 ] |
|
Author: {'name': 'Jeff Yemin', 'email': 'jeff.yemin@10gen.com', 'username': 'jyemin'}Message: Remove connection string from log message A connection string containing an unsupported option generates a log
|
| Comment by Githook User [ 15/Nov/18 ] |
|
Author: {'name': 'Jeff Yemin', 'email': 'jeff.yemin@10gen.com', 'username': 'jyemin'}Message: Remove connection string from log message A connection string containing an unsupported option generates a log
|