Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-22136

Strip passwords from logging output when logging into atlassian-confluence.log

    XMLWordPrintable

Details

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      2011-03-25 12:14:23,510 INFO [main] [confluence.upgrade.upgradetask.EmbeddedCrowdSynchronisationUpgradeTask] doUpgrade Starting initial sync of directory: com.atlassian.crowd.model.directory.DirectoryImpl@c2b8eb[lowerName=upgraded atlassian-user ldap (ldaprepository),description=LDAP configuration upgraded from an existing atlassian-user configuration,type=CONNECTOR,implementationClass=com.atlassian.crowd.directory.MicrosoftActiveDirectory,allowedOperations=[UPDATE_GROUP_ATTRIBUTE, CREATE_GROUP, UPDATE_USER_ATTRIBUTE, DELETE_GROUP, UPDATE_GROUP],attributes={ldap.read.timeout=60000, ldap.user.displayname=displayName, ldap.pooling=true, ldap.role.name=cn, ldap.usermembership.use=false, ldap.search.timelimit=0, ldap.user.objectclass=person, ldap.group.objectclass=group, ldap.role.description=description, ldap.user.firstname=givenname, ldap.pagedresults=true, ldap.group.description=cn, ldap.group.usernames=member, ldap.user.group=memberOf, ldap.user.filter=(objectClass=person), ldap.user.username.rdn=sAMAccountName, ldap.password=*******, ldap.relaxed.dn.standardisation=false, ldap.secure=false, ldap.role.usernames=member, ldap.group.filter=(objectClass=group), ldap.user.username=sAMAccountName, ldap.group.dn=ou=Groups, ldap.user.email=mail, ldap.basedn=ou=UserBase,dc=corp,dc=hulu,dc=com, ldap.role.filter=(objectclass=group), ldap.roles.disabled=true, ldap.connection.timeout=30000, ldap.url=ldap://somecompany:389, ldap.usermembership.use.for.groups=false, ldap.referral=true, ldap.userdn=CN=Linux-LDAP,OU=ServiceAccounts,OU=UserBase,DC=corp,DC=hulu,DC=com, ldap.user.lastname=sn, ldap.pagedresults.size=100, ldap.group.name=cn, ldap.local.groups=true, ldap.user.dn=, ldap.user.password=unicodePwd, ldap.role.objectclass=group}]

      In real logs, the ldap.password is not sanitized.

      Attachments

        Issue Links

          is blocked by

          Suggestion - CWD-2668 Strip passwords when logging directory data

          • Closed
          relates to

          Suggestion - CONFCLOUD-22136 Strip passwords from logging output when logging into atlassian-confluence.log

          • Closed

          Activity

            People

              Unassigned Unassigned
              twong Tim Wong (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: