Defect #600
closed
Secret value is printed into application log
100%
Description
I have a stored secret configuration value. When retrieving with debug info enabled, it prints the value into the application log:
2017-07-25 23:21:53.305 DEBUG 10970 --- [nio-8009-exec-2] .b.i.c.m.s.i.DefaultConfigurationService : Configuration value for key [idm.sec.security.recaptcha.secretKey] was found in confidential storage
2017-07-25 23:21:53.306 DEBUG 10970 --- [nio-8009-exec-2] .b.i.c.m.s.i.DefaultConfigurationService : Resolved configuration value for key [idm.sec.security.recaptcha.secretKey] and default [null] is [HERE_IS_THE_VALUE].
No secret should be printed into the log, even during debug. If unsure, please consult this with ZB
Updated by Radek Tomiška almost 7 years ago
- Status changed from New to Rejected
- Assignee changed from Vít Švanda to Filip Měšťánek
Configuration property could be set as confidential. Confidential property is saved into confidential storage and is not shown in log, etc.
"secret" attribute is used as private properties - see doc: https://wiki.czechidm.com/7.3/dev/configuration/backend
Updated by Radek Tomiška almost 7 years ago
- Status changed from Rejected to In Progress
- Assignee changed from Filip Měšťánek to Radek Tomiška
I found the place, when even confidential value is printed into the log, i fix it.
Updated by Radek Tomiška almost 7 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
I've fixed printing confidential value into log.
Could you do a test and feedback, please?
Updated by Vít Švanda almost 7 years ago
- Status changed from Needs feedback to Closed
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
Looks and works fine.