-
Notifications
You must be signed in to change notification settings - Fork 752
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Obfuscate passwords in DSN logs #1042
Comments
Can you provide an example redacted log entry? That would help narrow down the bad code. I can't find anywhere that doesn't redact the password when logging. |
here you have one: |
@EvertonCalgarotto That log entry looks like it's from an old version of the exporter. What version are you using? |
v0.10.1 |
v0.10.1 is very old. The most recent is v0.15.0. That log entry should not happen on the most recent version. |
v0.10.1. The code on most recent looks the same, is there anything sanitizing these passwords? |
It looks like the cause there is that the old redaction func is not accounting for the key=value style of DSN. The newer structures for DSN do account for this. The best thing to do here on the code side would probably be to parse this into the DSN and use the String() func from that. Short term, you could use a URL style connection string which should redact this (postgres://username:password@host/?params) |
Ah okay, so if we used the more modern dsn, we would not be seeing the passwords in our logs? is this the new format you're referring to? |
Yes with that format you should not be seeing the password. I believe that the format you reference is correct. That said, this should still be resolved in code. |
@drewwells Have you solved using this new format with DATA_SOURCE_NAME environment variable? I'm facing similar problem because but slight different. The password is indeed obfuscated in the err message. But then it outputs as plain text in the dsn message.
|
I think you're running a different version than us. We're still on DSN format of connection string is obfuscated. We're not getting the same type of error you are so unsure if that fixes it for you. |
Thanks for quick response. I'm using v0.16 and I think that I found the error. It seem to be introduced here #1073 It solved my issue using the v0.15. Maybe we should remove this dsn output or use the loggableDSN function to avoid this error |
I see that in v0.16, good find. I opened a ticket to upgrade to v0.16 today and Ill move that back to TBD :) |
I can't see a solution in release 0.16.0.
From my point of view its a bug. Best regards |
This log line was not sanitized previously which could result in logging sensitive information. I have scanned the rest of the files and I don't see anywhere else that DSN is used in a log line without this filter. Resolves prometheus-community#1042 Signed-off-by: Joe Adams <github@joeadams.io>
Proposal
Use case. Why is this important?
We don't want to log our database passwords in our logs. Add a feature to remove passwords when logging out DSN. If there's other auth methods for exporter, maybe it's sufficient to document that using DSN with password will include the password in the log.
The text was updated successfully, but these errors were encountered: