DRIVERS-2950

Drivers connection string parsing logic can print secrets in logs.

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Component/s: Logging
    • None
    • Needed

      Summary

      Driver connection string parsing logic can lead to secrets being printed to logs: PYTHON-4588. This has also been observed in the Java Sync driver (no ticket filed). Additionally, we've seen this in at least one other case: GODRIVER-3134.

      Motivation

      Who is the affected end user?

      Generally affects a business as a security risk.

      How does this affect the end user?

      It's a security risk.

      How likely is it that this problem or use case will occur?

      Edge case

      If the problem does occur, what are the consequences and how severe are they?

      Depending on the institution (banks, government), it could outright block development if it's observed.

      Is this issue urgent?

      No timeline

      Is this ticket required by a downstream team?

      No

      Is this ticket only for tests?

      Addressing this ticket for each driver would address a security risk.

      Acceptance Criteria

      <>

            Assignee: Unassigned
            Reporter: Khalen Fredieu (khalen.fredieu@mongodb.com)
            Votes: 0
            Watchers: 3