Redact password #7198
Redact password #7198
Conversation
Signed-off-by: crowu <y.wu4515@gmail.com>
|
Hm.. I don't think this change is responsible for the test failure here: https://github.com/vitessio/vitess/pull/7198/checks?check_run_id=1567275976 The change basically only change the string we add to log 😅 (?) |
go/vt/mysqlctl/query.go
Outdated
| if j == -1 { | ||
| return input | ||
| } | ||
| input = input[:i+len(masterPasswordStart)] + strings.Repeat("*", j) + input[i+len(masterPasswordStart)+j:] |
There was a problem hiding this comment.
Why are we preserving the lenght of the password, should we not keep it a constant length? We do not want people to be able to infer the length either from the logs.
Otherwise, LGTM
There was a problem hiding this comment.
Yeah, good point - updated
GuptaManan100
added
Component: Query Serving
P3
Type: Enhancement
Signed-off-by: crowu <y.wu4515@gmail.com>
|
Looks like failed tests are still unrelated to this change.. |
Hopefully they are transient errors.. |
Looks like it's all cleared! |
Signed-off-by: crowu y.wu4515@gmail.com
Backport
YES
Status
READY
Description
If we do any SQL commend with password, Vitess will log it. And currently vitess only redact master password.
This PR tries to redact any password in the SQL query so that people won't see it as plain text in the log
Related Issue(s)
List related PRs against other branches:
This addresses #7197:
Todos
Deployment Notes
NA
Impacted Areas in Vitess
List general components of the application that this PR will affect: