Database passwords being leaked in to logs in connection strings #16001
Labels
area/backend/security
area/backend
area/security
prio/high
Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone
What happened:
Database connection strings leak passwords into logs at log level debug
What you expected to happen:
Passwords to be [Filtered] from logging streams
How to reproduce it (as minimally and precisely as possible):
Setup database datastore (Postgres, MySQL, MSSQL)
Set GF_LOG_LEVEL=debug
Anything else we need to know?:
#2488 was opened to deal with this previously but appears to have been closed before any patch was created and applied
Environment:
Master
pkg/tsdb/postgres/postgres.go:22
pkg/tsdb/mysql/mysql.go:47
pkg/tsdb/mssql/mssql.go:27
The text was updated successfully, but these errors were encountered: