search

linuxserver / docker-unifi-network-application

GNU General Public License v3.0
553 stars 41 forks source link

[BUG] cleartext password #10

Closed gomeology closed 9 months ago

gomeology commented 9 months ago

Is there an existing issue for this?

Current Behavior

When using a successful password to connect to the unifi-db, server.log shows url to log in with password in the clear. Unlike if your password fails it shows password hidden.

Expected Behavior

redact the password from server.log

Steps To Reproduce

look in server.log once a successful instance is setup

Environment

- OS: debian 12
- DOCKER: Docker version 24.0.6, build ed223bc
- How docker service was installed: docker.com walk through....

CPU architecture

x86-64

Docker creation

unifi-db:
    image : mongo:3.6
    container_name: unifi-db
    hostname: unifi-db
    environment:
      TZ: America/New_York
      PUID: 1000
      PGID: 1000
        #MONGO_INITDB_ROOT_USERNAME: unifi
        #MONGO_INITDB_ROOT_PASSWORD_FILE: /run/secrets/mongo
    volumes:
      - $DOCKER_DIR/unifi-network/mongo/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
      - $DOCKER_DIR/unifi-network/mongo/unifi_db:/data/db
      - $DOCKER_DIR/unifi-network/mongo/config:/data/configdb
    secrets:
      - mongo
    restart: unless-stopped
    labels:
      - "traefik.enable=false"

  unifi-network:
    image: lscr.io/linuxserver/unifi-network-application:latest
    container_name: unifi-network
    hostname: uc
    environment:
      - TZ=America/New_York
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - MONGO_USER=unifi
      - FILE__MONGO_PASS=/run/secrets/mongo
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
    secrets:
      - mongo
    volumes:
      - $DOCKER_DIR/unifi-network:/config
    ports:
      - '3478:3478/udp'
      - '10001:10001/udp'
      - '8080:8080'
      - '1900:1900/udp'
      - '8843:8843'
      - '8880:8880'
      - '6789:6789'
      - '5514:5514/udp'
    restart: unless-stopped
    depends_on:
      - unifi-db
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.unifi.rule=Host(`uc.mydomain.dev`)"
      - "traefik.http.routers.unifi.entrypoints=websecure"
      - "traefik.http.routers.unifi.tls=true"
      - "traefik.http.services.unifi.loadbalancer.server.port=8443"
      - "traefik.http.services.unifi.loadbalancer.server.scheme=https"

Container logs

[2023-09-15 10:49:15,621] <launcher> INFO  tomcat - Adding basic REST API support during the startup
[2023-09-15 10:49:16,451] <launcher> INFO  system - Tomcat startup took 1287ms
[2023-09-15 10:49:16,464] <launcher> INFO  tomcat - Adding basic REST API support during the startup
[2023-09-15 10:49:22,375] <launcher> INFO  db     - Starting database service initialization...
[2023-09-15 10:49:22,375] <launcher> INFO  db     - waiting for db connection...
[2023-09-15 10:49:22,876] <launcher> INFO  db     - Connecting to mongodb://unifi:MYPASS@unifi-db:27017/unifi
[2023-09-15 10:49:23,013] <launcher> INFO  db     - db connection established...
[2023-09-15 10:49:23,125] <launcher> INFO  db     - db connected (v3.6.23@mongodb://unifi:MYPASS@unifi-db:27017/unifi)
[2023-09-15 10:49:24,973] <launcher> INFO  db     - Database service initialized...
[2023-09-15 10:49:24,981] <launcher> INFO  system - ======================================================================
[2023-09-15 10:49:24,985] <launcher> INFO  system - UniFi 7.5.174 (build atag_7.5.174_22700 - release/release) is started
[2023-09-15 10:49:24,985] <launcher> INFO  system - Environment: UniFi-OS[false], UniFi-Cloud[false], UniFi-MongoService[false]
github-actions[bot] commented 9 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

thespad commented 9 months ago

That's not something we have any control over, it's how the upstream app handles its logging.