search

influxdata / influxdb

Scalable datastore for metrics, events, and real-time analytics
https://influxdata.com
Apache License 2.0
28.66k stars 3.54k forks source link

[0.10.0-rc1] user passwords not redacted in all queries #5527

Closed norrland closed 8 years ago

norrland commented 8 years ago

InfluxDB 0.10.0-rc1 running in Docker container based on tutum/curl:trusty

User operations from the influxdb gui does not redact all requests in the logs.

[http] 2016/02/02 09:50:14 10.0.0.3 -  - [02/Feb/2016:09:50:14 +0000] OPTIONS /query?q=set+password+for+testuser+%3D+%27testing%27&db=statsd HTTP/1.1 200 0 - Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4 5b858373-c992-11e5-aefc-000000000000 35.184µs
[query] 2016/02/02 09:50:14 SET PASSWORD FOR testuser = [REDACTED]
[http] 2016/02/02 09:50:14 10.0.0.3 - testuser [02/Feb/2016:09:50:14 +0000] GET /query?q=set+password+for+testuser+%3D+%27[REDACTED]%27&db=statsd HTTP/1.1 200 40 http://influxhost:8083/ Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4 5b8b3b4f-c992-11e5-aefd-000000000000 109.168075ms

Reproduced by running the "SET PASSWORD FOR testuser = 'testing'" in influx webui.

norrland commented 8 years ago

Still an issue in 0.10.0 release.

jsternberg commented 8 years ago

I think this is fixed in 0.13. Please try this with 0.13 and comment if it's still not working correctly. Thank you.