database credentials are visible in log #319

giddel · 2020-07-16T09:48:00Z

Description
The database connection is configured by a connection string containing the credentials.
This connection string is complete printed to the log at startup time.

time="2020-07-16T08:23:13Z" level=debug msg="connecting to database: mysql://XXXX:YYYY@ZZZZ:3306/flipt" server=grpc
time="2020-07-16T08:23:13Z" level=debug msg="migrations up to date" migrator=mysql
time="2020-07-16T08:23:13Z" level=debug msg="starting grpc server" server=grpc store=mysql
time="2020-07-16T08:23:14Z" level=debug msg="starting http server" server=http

Version
Version: 0.16.0

Expected behavior
No credentials are visible in the logs!

The text was updated successfully, but these errors were encountered:

markphelps · 2020-07-16T13:30:31Z

@giddel thanks for the issue! I pushed a backported fix to https://github.com/markphelps/flipt/releases/tag/v0.16.1 since I see you are on v0.16.0

I'm also forward fixing on https://github.com/markphelps/flipt/releases/tag/v0.17.1 / latest if you want to update

giddel added the bug label Jul 16, 2020

markphelps mentioned this issue Jul 16, 2020

Dont log db url #320

Merged

markphelps closed this as completed in #320 Jul 16, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

database credentials are visible in log #319

database credentials are visible in log #319

giddel commented Jul 16, 2020

markphelps commented Jul 16, 2020

database credentials are visible in log #319

database credentials are visible in log #319

Comments

giddel commented Jul 16, 2020

markphelps commented Jul 16, 2020