Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Database passwords being leaked in to logs in connection strings #16001

Closed
ilude opened this issue Mar 14, 2019 · 0 comments
Closed

Database passwords being leaked in to logs in connection strings #16001

ilude opened this issue Mar 14, 2019 · 0 comments
Assignees
Labels
area/backend/security area/backend area/security prio/high Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone

Comments

@ilude
Copy link

ilude commented Mar 14, 2019

What happened:

Database connection strings leak passwords into logs at log level debug

What you expected to happen:

Passwords to be [Filtered] from logging streams

How to reproduce it (as minimally and precisely as possible):

Setup database datastore (Postgres, MySQL, MSSQL)
Set GF_LOG_LEVEL=debug

Anything else we need to know?:

#2488 was opened to deal with this previously but appears to have been closed before any patch was created and applied

Environment:

  • Grafana version:

Master

  • Data source type & version:

pkg/tsdb/postgres/postgres.go:22
pkg/tsdb/mysql/mysql.go:47
pkg/tsdb/mssql/mssql.go:27

@bergquist bergquist added this to the 6.1 milestone Mar 14, 2019
@bergquist bergquist added prio/high Must be staffed and worked on either currently, or very soon, ideally in time for the next release. area/security area/backend/security area/backend labels Mar 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/backend/security area/backend area/security prio/high Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Projects
None yet
Development

No branches or pull requests

3 participants