The existing Command::redactForLogging() predates the --redactClientLogData feature. The two are unrelated. The latter was introduced in 3.4, and when enabled, strips any PII from the logs. The former, on the other hand, is always enabled, and is used to strip password data (as well as to avoid overlong write command lines).
We appear to have confused these two redaction functions, resulting in places where redaction is missing:
https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L713-L714
https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L758-L762
https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L766-L770
https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L836-L837
Should ServiceEntryPointCommon::getRedactedCopyForLogging() also call redact(const BSONObj&)?
- is related to
  - SERVER-33302 Missing log redaction for a few failure paths (Closed)
  - SERVER-34003 passwords are not redacted from unrecognized commands (Closed)
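
The difference between the two redaction layers described in the ticket, as an added example (a simplified model, not MongoDB's code). All function names, the `pwd` field name, the `xxx` and `###` masks, and the sample command are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-in for a command document: ordered field/value pairs.
using Doc = std::vector<std::pair<std::string, std::string>>;

// Models the always-on step: mask password fields only.
// Field name "pwd" and mask "xxx" are assumptions for this sketch.
Doc stripPasswords(Doc cmd) {
    for (auto& field : cmd)
        if (field.first == "pwd") field.second = "xxx";
    return cmd;
}

// Models the opt-in step: with redaction enabled every value is masked
// (mask "###" assumed); with it disabled the document passes through.
Doc redactValues(Doc cmd, bool redactClientLogData) {
    if (redactClientLogData)
        for (auto& field : cmd) field.second = "###";
    return cmd;
}

// Log path that applies only the password step, as in the gaps listed above.
Doc copyPasswordStepOnly(const Doc& cmd) { return stripPasswords(cmd); }

// Log path that applies both steps.
Doc copyBothSteps(const Doc& cmd, bool redactClientLogData) {
    return redactValues(stripPasswords(cmd), redactClientLogData);
}

// True if any logged value still contains the given string.
bool leaks(const Doc& logged, const std::string& needle) {
    for (const auto& field : logged)
        if (field.second.find(needle) != std::string::npos) return true;
    return false;
}

// Constructed sample command; not taken from the ticket.
Doc sampleCommand() {
    return {{"createUser", "alice"}, {"pwd", "hunter2"}, {"email", "alice@example.com"}};
}

int main() {
    const Doc cmd = sampleCommand();
    std::cout << "password step only leaks email: " << leaks(copyPasswordStepOnly(cmd), "alice@example.com") << "\n";
    std::cout << "both steps leak email: " << leaks(copyBothSteps(cmd, true), "alice@example.com") << "\n";
}
```

A log path that runs only the password step still emits client data even when redaction is enabled, which is the gap the linked lines show.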