Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Obfuscate passwords #5805

Closed
rgstephens opened this issue May 12, 2020 · 3 comments · Fixed by #5849
Closed

Obfuscate passwords #5805

rgstephens opened this issue May 12, 2020 · 3 comments · Fixed by #5849
Assignees
@ricwo
Labels
area:rasa-oss 🎡 Anything related to the open source Rasa framework type:bug 🐛 Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@rgstephens
Copy link
Contributor

Database passwords are written to the log when verbose logging is enabled.

Rasa version: 1.9.5

Issue:
Passwords should not be written in clear text to the log.
@rgstephens rgstephens added type:bug 🐛 Inconsistencies or issues which will cause an issue or problem for users or implementors. area:rasa-oss 🎡 Anything related to the open source Rasa framework labels May 12, 2020
@akelad
Copy link
Contributor

akelad commented May 13, 2020

@rgstephens do you have details of where the passwords get logged? As in, at which stage of the start up?

@rgstephens
Copy link
Contributor Author

Here's an example log message (I've replaced the password with asterisks):

DEBUG    rasa.core.tracker_store  - Attempting to connect to database via 'postgresql://admin:****************@db:5432/rasa'

@ncplol
Copy link

ncplol commented May 17, 2020

This looks pretty simple, I can open a PR as a first contribution. Wondering if/how it makes sense to test for this?

@ricwo ricwo mentioned this issue May 18, 2020
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ricwo ricwo

Labels
area:rasa-oss 🎡 Anything related to the open source Rasa framework type:bug 🐛 Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Hide SQL password in logs RasaHQ/rasa
5 participants
@rgstephens @alwx @ncplol @ricwo @akelad