Credentials leaking in logs
sebadob opened this issue · comments
Describe the bug
It's not a bug but more a small security issue.
When a database connection fails for filer
, the credentials are logged into the console.
For instance, I have set up a test deployment with a Postgres. In case of a connection error to the DB, the username and password are logged into the console as plain test.
This is not a critical thing, so it could be done with any upcoming release, I guess.
System Setup
Any running filer
with an external database (postgres in this case), which cannot connect to the DB. For instance provide an unreachable IP or something like this.
Expected behavior
I would suggest to either not log the password
at all, or log it with debug
or trace
level only, so it would normally not show up.
That was a very quick one, thanks!