How to disable credentials logging in CURLLogger

Question

How to disable credentials logging in CURLLogger

AnnieSemenova opened this issue 4 years ago · comments

Hello!
We faced such issue: in the production environment we can't enable Debug logging without full excluding CURLLogger because credentials are printed either.
CURLLogger is important, because it shows the real request to ArangoDB and we can't use it.

https://github.com/arangodb/arangodb-java-driver/blob/master/src/main/java/com/arangodb/internal/http/CURLLogger.java#L63

Maybe we can configure this behavior in some way?
If not I think it would be good to have this opportunity, because enabling debug for CURLLogger can be impossible by security reasons.

Michele Rastelli · Answer 1 · Wed Oct 20 2021 14:16:01 GMT+0800 (China Standard Time)

At the moment this is not directly supported by the driver, but you could achieve it using a custom logback PatternLayout.
For reference see: https://www.baeldung.com/logback-mask-sensitive-data

Michele Rastelli · Answer 2 · Fri Jan 20 2023 18:24:49 GMT+0800 (China Standard Time)

Fixed in https://github.com/arangodb/arangodb-java-driver/releases/tag/v7.0.0-ALPHA.1

Michele Rastelli · Answer 3 · Tue Mar 21 2023 22:09:09 GMT+0800 (China Standard Time)

Credentials are not logged anymore since version 7.0.0.
https://github.com/arangodb/arangodb-java-driver/releases/tag/v7.0.0-RC.4

Michele Rastelli · Answer 4 · Thu Apr 20 2023 20:46:53 GMT+0800 (China Standard Time)

Closing as fixed in version 7.0.0.