Comments (4)
pjfanning
commented on July 30, 2024
Looks like #100 missed some possible use cases. @mdedetrich could you have a quick look? I'm not too concerned because it is debug logging but it is something we will want to fix in a 1.0.1 release before too long.
from pekko-connectors-kafka.
pjfanning
commented on July 30, 2024
@tkaszuba could you provide some hints about which properties are exposed?
I must admit to not understanding when it became the job of open source lib maintainers to redact logs and why companies don't write code or buy products to redact their logs if they choose to expose them to untrusted people.
from pekko-connectors-kafka.
mdedetrich
commented on July 30, 2024
That is odd, the PR I used should have fixed any instance of Pekko's ConsumerSettings printing out these secrets. Do note that in the implementation of #100 that was referenced, we use Kafka's own internal mechanism for stripping out sensitive values (i.e. Kafka uses this itself).
Can you double check that Kafka itself is also stripping these values by creating an equivalent base Java ConsumerSettings. Also would be helpful to state what is the kafka version and what maybe provide a redacted list of the settings that its printing out which it shouldn't
from pekko-connectors-kafka.
tkaszuba
commented on July 30, 2024
Thank you for answering and providing me details, I didn't know this is handled in newer versions. If you are in fact inheriting from the standard kafka libs than this is handled correctly already. Sorry for the confusion.
from pekko-connectors-kafka.
Related Issues (20)
- check if we have any code that is not from Lightbend or from Pekko team HOT 1
- add disclaimer
- docs: links to source code that contain line numbers will need to be fixed HOT 1
- docs: alternative for alpakka-samples links HOT 1
- remove akka specific release train
- add back scala 2.12 support HOT 1
- set up source distribution HOT 1
- get tests to work with Scala 3 HOT 2
- Move away from using sbt integration config
- deal with CVE-2023-29471
- acknowledge use of Kafka code HOT 1
- document how to manually build and test this module HOT 1
- remove semver setting in sbt? HOT 2
- document release contributors
- upgrade kafka client HOT 4
- Migrate documentation to new API
- New package version HOT 6
- Unable to run nightly tests
- `StopFromStage` not delivered
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pekko-connectors-kafka.