TO golang proxy logging sensitive data

apache / trafficcontrol

Apache Traffic Control is an Open Source implementation of a Content Delivery Network

https://trafficcontrol.apache.org/

Apache License 2.0

1.03k stars 339 forks source link

TO golang proxy logging sensitive data #1216

Closed elsloo closed 6 years ago

elsloo commented 6 years ago

The Traffic Ops golang proxy appears to be logging some sensitive information contained in the configuration. Specifically this: log.Infof("Using Config: %+v\n", cfg) is writing sensitive information. We should scrub the config of sensitive information before logging and/or log this at a level other than INFO if we don't want to scrub the data.

dewrich commented 6 years ago

We're testing this PR now which should solve this issue https://github.com/apache/incubator-trafficcontrol/pull/1218/files#diff-5351d719d1ed997e55a0756cb19ec457L68

See #1218