Clear text password in logfile

[GoogleCodeExporter]

When running logstash and using a stomp connector as input/output, the full URL 
including the clear text password is logged.

Would it be possible to turn off this verbosity?

Thanks,
M

Original issue reported on code.google.com by r4ce2z...@gmail.com on 12 Jan 2011 at 11:17

[GoogleCodeExporter]

Thanks for filing. I'll work on a fix that makes sure we never log the password 
used in any url.

Original comment by jls.semi...@gmail.com on 12 Jan 2011 at 3:33

• Changed state: Accepted

[GoogleCodeExporter]

Original comment by jls.semi...@gmail.com on 18 Jan 2011 at 6:54

• Added labels: Milestone-Release1.0

[GoogleCodeExporter]

Came up with a fix.

I've written a password class for logstash that when printed only reveals 
"<password>" so any normal logging of that object should not reveal the password

Example:

I, [2011-04-06T01:01:28.502000 #21526]  INFO -- agent.rb:273#run_with_config: 
["Starting input", #<LogStash::Inputs::Twitter:0x2bf87baf @tags=[], 
@config={"user"=>"jls_api", "password"=><password>, ...

I think this is sufficient :)

This will show up in 1.0

Original comment by jls.semi...@gmail.com on 6 Apr 2011 at 8:02

• Changed state: Fixed