Do not disclose credentials upon unsuccessful login

pteich / elastic-query-export

🚚 Export Data from ElasticSearch to CSV/JSON using a Lucene Query (e.g. from Kibana) or a raw JSON Query string

MIT License

89 stars 18 forks source link

Do not disclose credentials upon unsuccessful login #7

Closed brablc closed 3 years ago

brablc commented 3 years ago

When connecting using es-query-export -c "http://username:password@localhost:9200" the password is leaked when server is not available:

2021/11/02 13:50:42 Error connecting to ElasticSearch http://username:password@localhost:9200/ - elastic: Error 401 (Unauthorized)

Would it be possible to hide the password? Or is there any possibility to use entry from .netrc (as in curl --netrc-file /root/.netrc)?

pteich commented 3 years ago

I've changed the output in case of an error as the underlying library mentioning the host anyway (and hides the password)

2021/11/03 19:47:39 Error connecting to ElasticSearch: health check timeout: Head "http://username:***@localhost:9200": dial tcp [::1]:9200: connect: connection refused: no Elasticsearch node available

I've creating a new release for this.

Regarding .netrc - this should be possible, I'll have a look at it.

brablc commented 3 years ago

The error message is great when node does not respond, in case when username / password is incorrect the message is somewhat short:

2021/11/04 16:12:25 Error connecting to ElasticSearch: elastic: Error 401 (Unauthorized)