Open NiuBlibing opened 1 year ago
Hi @NiuBlibing @Revolyssup, I think you could remove this log
Given the number of considerations to be taken to hide the password, I think your suggestion to just remove this log makes sense. I will do this.
If looking at the error log is a security issue, then the user can just as easily GET the route configuration and see the password.
@Revolyssup about your consideration, we have secret and encrypted-storage-fields to hide the password
Does encrypted-storage-fields need to be implemented by the plugin, rather than being something I can configure myself? If so, it seems it is not implemented yet? Thanks.
Current Behavior
https://github.com/apache/apisix/blob/4ea0dda7b7afc58c2d69a4b420637e90ff2bda61/apisix/utils/batch-processor-manager.lua#L60-L61 will write Kafka's password to the log
Expected Behavior
Don't log password
Error Logs
2023/08/10 07:53:03 [warn] 10#10: *11078359 [lua] batch-processor-manager.lua:60: removing batch processor stale object, conf: {"include_resp_body":false,"required_acks":1,"cluster_name":1,"producer_batch_num":200,"producer_batch_size":1048576,"producer_max_buffering":50000,"producer_time_linger":1,"inactive_timeout":5,"include_req_body":false,"name":"kafka logger","meta_format":"default","retry_delay":1,"_meta":{"disable":false},"kafka_topic":"persistent://apisix/pro/accesslog","producer_type":"async","batch_max_size":1000,"brokers":[{"host":"127.0.0.1","sasl_config":{"password":"token:password","mechanism":"PLAIN","user":"apisix/pro"},"port":9092}],"timeout":3,"max_retry_count":0,"buffer_duration":60,"meta_refresh_interval":30}, context: ngx.timer, client: 10.1.226.250, server: 0.0.0.0:9080
Steps to Reproduce
Environment
apisix version: 3.4.1
uname -a:
openresty -V or nginx -V:
curl http://127.0.0.1:9090/v1/server_info:
luarocks --version:
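
To check whether existing error logs already contain credentials written by this warning, so they can be rotated, the following added example (not part of the original issue or of APISIX) scans log lines for the message and reports the paths of secret-looking keys without printing their values. The key-name pattern and the sample lines are assumptions constructed for illustration.

```python
import json
import re

# Message prefix written by batch-processor-manager.lua before the conf dump.
MARKER = "removing batch processor stale object, conf: "
# Key names treated as secrets (an assumption; extend for your plugins).
SECRET_KEY = re.compile(r"password|passwd|secret|token|api_?key", re.I)
# Constructed sample lines, abridged from the log shown in the issue.
SAMPLE = [
    '2023/08/10 07:53:03 [warn] 10#10: *1 [lua] batch-processor-manager.lua:60: removing batch processor stale object, conf: {"name":"kafka logger","brokers":[{"host":"127.0.0.1","sasl_config":{"password":"token:password","mechanism":"PLAIN","user":"apisix/pro"},"port":9092}],"timeout":3}, context: ngx.timer',
    '2023/08/10 07:53:04 [warn] 10#10: *2 [lua] batch-processor-manager.lua:60: removing batch processor stale object, conf: {"name":"http logger","uri":"http://127.0.0.1:8080/log","timeout":3}, context: ngx.timer',
    '2023/08/10 07:53:05 [error] 10#10: *3 upstream timed out',
]

def extract_conf(line):
    """Return the JSON conf embedded in a log line, or None."""
    start = line.find(MARKER)
    if start < 0:
        return None
    try:
        # raw_decode parses one JSON value and ignores the ", context: ..." tail.
        conf, _ = json.JSONDecoder().raw_decode(line[start + len(MARKER):])
    except json.JSONDecodeError:
        return None  # truncated or malformed line
    return conf

def secret_paths(node, path=""):
    """Yield the path of every non-empty string stored under a secret-like key."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and SECRET_KEY.search(key):
                yield child  # report the location only, never the value
            else:
                yield from secret_paths(value, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from secret_paths(value, f"{path}[{i}]")

def scan(lines):
    """Return (line_number, [paths]) for each line that leaks a secret."""
    findings = []
    for number, line in enumerate(lines, 1):
        paths = list(secret_paths(extract_conf(line)))
        if paths:
            findings.append((number, paths))
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE))
```
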