stoerr
commented
3 years ago I'd like to strongly support this. The consequence of this is that we need to switch off various loggers since the password obviously must not be logged, and therefore the whole thing becomes unreliable because it's hard to automatically determined whether the synchronization failed and how it failed. And the problem is even worse - the password appears both in grabbit-receive.log as well as in error.log! I saw it in the following kinds of error messages, possibly there are more:
04.01.2021 16:18:25.746 INFO [clientJobLauncherTaskExecutor-4] org.springframework.batch.core.launch.support.SimpleJobLauncher Job: [FlowJob: [name=clientJob]] completed with the following parameters: [{serverPassword=asdfqwerqwweqrf, deleteBeforeWrite=false, scheme=http, port=4502, transactionID=23423423423, clientUsername=somesyncuser, excludePaths=, workflowConfigIds=, batchSize=150, timestamp=343423432, serverUsername=admin, host=1.2.3.4, pathDeltaContent=true, path=/content/whatever/synced}] and the following status: [FAILED]
04.01.2021 16:17:25.446 INFO [0:0:0:0:0:0:0:1 [1609773445442] PUT /grabbit/job HTTP/1.1] org.springframework.batch.core.launch.support.SimpleJobOperator Attempting to launch job with name=clientJob and parameters=timestamp=433242342,path=/content/something,scheme=http,host=1.2.3.4,port=4502,clientUsername=syncuser,serverUsername=admin,serverPassword=sdfasdfsadasd,transactionID=43232423423,excludePaths=,workflowConfigIds=,deleteBeforeWrite=false,pathDeltaContent=true,batchSize=150
Grabbit logs all incoming configurations into grabbit-receive.log file on INFO level together with serverPassword variable.
So anybody can view passwords via /system/console/slinglog/tailer.txt?tail=10000&grep=*&name=%2Flogs%2Fgrabbit-receive.log or directly on the file system.
Proposition: remove serverPassword variable from logging or replace value with