IBMStreams / streamsx.messagehub

Repository to provide easy integration with IBM MessageHub Bluemix Service
https://ibmstreams.github.io/streamsx.messagehub/
Apache License 2.0
1 stars 6 forks source link

trace of cloud service credentials at INFO level #77

Closed ghost closed 5 years ago

ghost commented 5 years ago

Service credentials are traced at INFO level. This is a security risk as sensitive information is exposed.

https://github.com/IBMStreams/streamsx.messagehub/blob/457f63fae8218ef0c37d33d8a20ea235bc7fa0a6/com.ibm.streamsx.messagehub/impl/java/src/com/ibm/streamsx/messagehub/operators/utils/MessageHubOperatorUtil.java#L78

ghost commented 5 years ago

Credentials trace will look like this:

17 Jan 2019 13:17:17.413+0100 [7699] INFO #splapptrc,J[0],P[0],ConsumedMsgs[0] M[MessageHubOperatorUtil.java:com.ibm.streamsx.messagehub.operators.utils.MessageHubOperatorUtil.loadMessageHubCredsFromFile:78]  - creds = {
...
} (893 characters)
ghost commented 5 years ago

resolved in v1.7.4