cockroachdb / cockroach

CockroachDB — the cloud native, distributed SQL database designed for high availability, effortless scale, and control over data placement.
https://www.cockroachlabs.com

SHOW CHANGEFEED JOBS exposes password in URI #82270

Closed greg-crl closed 10 months ago

greg-crl commented 2 years ago

Describe the problem

Executing SHOW CHANGEFEED JOBS displays the actual password in the sink_uri field.

Example:

CREATE CHANGEFEED ... INTO  
'kafka://<host>:<port>?tls_enabled=true&ca_cert=<cert>&sasl_enabled=true&sasl_user=MY_USERNAME&sasl_password=MY_PASSWORD&sasl_mechanism=SASL-SCRAM-SHA-256'

then select sink_uri from [show changefeed jobs]; displays the complete URI, including sasl_password=MY_PASSWORD.

Expected behavior

Password should be redacted.

Jira issue: CRDB-16328
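
One way to redact a sink URI before it is displayed, as an added Go example that is not CockroachDB's code and not part of the issue. `RedactSinkURI`, the `redacted` marker and the sample broker address are hypothetical; only the `sasl_password` parameter comes from the issue.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// redacted is the marker substituted for secret values (constructed for this example).
const redacted = "redacted"

// sensitiveParams lists query parameters treated as secrets. sasl_password is
// the one named in the issue; extending the set per sink type is an assumption.
var sensitiveParams = map[string]bool{"sasl_password": true}

// RedactSinkURI returns uri with secret query values and any userinfo password
// replaced by the marker. Hypothetical helper, not a CockroachDB function.
func RedactSinkURI(uri string) string {
	u, err := url.Parse(uri)
	if err != nil {
		// Fail closed: never echo a string that could not be inspected.
		return "<unparseable sink URI: " + redacted + ">"
	}
	if _, hasPw := u.User.Password(); hasPw { // nil-safe when no userinfo is present
		u.User = url.UserPassword(u.User.Username(), redacted)
	}
	q := u.Query() // malformed pairs are discarded here, so they are not echoed either
	for key, vals := range q {
		if sensitiveParams[strings.ToLower(key)] {
			for i := range vals {
				vals[i] = redacted // covers repeated parameters as well
			}
		}
	}
	u.RawQuery = q.Encode() // note: Encode sorts parameters by key
	return u.String()
}

func main() {
	// Constructed sample modelled on the URI in the issue.
	fmt.Println(RedactSinkURI("kafka://broker.example:9092?sasl_enabled=true&sasl_user=MY_USERNAME&sasl_password=MY_PASSWORD"))
}
```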

github-actions[bot] commented 10 months ago

We have marked this issue as stale because it has been inactive for 18 months. If this issue is still relevant, removing the stale label or adding a comment will keep it active. Otherwise, we'll close it in 10 days to keep the issue queue tidy. Thank you for your contribution to CockroachDB!