Closed KKcorps closed 2 years ago
Currently we push SegmentGenerationJobSpec into logs in the following place https://github.com/apache/pinot/blob/7e9ca6a5a4afe0d4e283ac1307c45430e474cbf2/pinot-spi/src/main/java/org/apache/pinot/spi/ingestion/batch/IngestionJobLauncher.java#L100
SegmentGenerationJobSpec
This may be problematic from security perspective since job spec can contain authToken, username, password as well.
authToken
username
password
We should avoid logging these fields.
Changes might be needed in other classes as well where we log these fields as well.
@KKcorps can this issue be closed, seems like the fixes were already merged?
Currently we push
SegmentGenerationJobSpec
into logs in the following place https://github.com/apache/pinot/blob/7e9ca6a5a4afe0d4e283ac1307c45430e474cbf2/pinot-spi/src/main/java/org/apache/pinot/spi/ingestion/batch/IngestionJobLauncher.java#L100This may be problematic from security perspective since job spec can contain
authToken
,username
,password
as well.We should avoid logging these fields.
Changes might be needed in other classes as well where we log these fields as well.