#142 Fix ResultsDB Database URI Leak
Closed: Fixed None Opened 9 years ago by tflink.

The following line is emitted into httpd logs whenever the resultsdb cli command is run (actual values sanitized)

[Mon Jun 09 17:46:26.253677 2014] [:error] [pid 25417] doing stream logging
[Mon Jun 09 17:46:26.254150 2014] [:error] [pid 25417] --------------------------------------------------------------------------------
[Mon Jun 09 17:46:26.254165 2014] [:error] [pid 25417] DEBUG in __init__ [/usr/lib/python2.7/site-packages/resultsdb/__init__.py:97]:
[Mon Jun 09 17:46:26.254170 2014] [:error] [pid 25417] using DBURI: postgresql+psycopg2://<username>:<password>@<dbhost>:<dbport>/<dbname>
[Mon Jun 09 17:46:26.254175 2014] [:error] [pid 25417] --------------------------------------------------------------------------------

Infrastructure has asked for the dburi never to be sent to log files as this is a security issue.

While switching the default profile to PROD would mostly fix this, the dburi would still be emitted if we ever put resultsdb into debug mode to triage an issue.

The only 2 solutions I can see are:
remove the log line that emits the entire dburi
have a config value for SHOW_DB_URI that only emits dburi when true


This ticket had assigned some Differential requests:
D143

Login to comment on this ticket.

Metadata