[JIRA] Created: (LBCLASSIC-205) DBAppender logs sensitive properties to the database when using property substitution in the configuration file

DBAppender logs sensitive properties to the database when using property substitution in the configuration file
---------------------------------------------------------------------------------------------------------------

Key: LBCLASSIC-205
URL: http://jira.qos.ch/browse/LBCLASSIC-205
Project: logback-classic
Issue Type: Bug
Components: appender
Affects Versions: 0.9.20
Reporter: Chris Pruett
Assignee: Logback dev list

Logback's DBAppender logs all properties in its context and MDC to the database. I would like to control which properties are logged, specifically filtering out certain values, but I can't find any options to do so. The documentation is terse:

    The logging_event_property is used to store the keys and values contained in the MDC or the Context

It should be possible to exclude certain properties, especially sensitive properties such as database connection parameters.

Here is an example:

Logback is configured with a DBAppender that loads its properties from vct.properties:

<configuration>
  <property resource="vct.properties" />
  <appender name="DB" class="ch.qos.logback.classic.db.DBAppender">
    <connectionSource class="ch.qos.logback.core.db.DataSourceConnectionSource">
      <dataSource class="com.mchange.v2.c3p0.ComboPooledDataSource">
        <driverClass>com.mysql.jdbc.Driver</driverClass>
        <jdbcUrl>jdbc:mysql://${log.db.host}:${log.db.port}/${log.db.schema}</jdbcUrl>
        <user>${log.db.username}</user>
        <password>${log.db.password}</password>
      </dataSource>
    </connectionSource>
  </appender>
  <root level="DEBUG">
    <appender-ref ref="DB" />
  </root>
</configuration>

vct.properties has the connection settings:

log.db.host=localhost
log.db.port=3306
log.db.schema=logs_development
log.db.username=loguser
log.db.password=logpass

When an event is logged, all of the connection settings are logged:

mysql> select * from logging_event_property where event_id=1;
+----------+---------------------+-------------------------------------------+
| event_id | mapped_key          | mapped_value                              |
+----------+---------------------+-------------------------------------------+
|        1 | log.db.host         | localhost                                 |
|        1 | log.db.password     | logpass                                   |
|        1 | log.db.port         | 3306                                      |
|        1 | log.db.schema       | logs_development                          |
|        1 | log.db.username     | loguser                                   |
+----------+---------------------+-------------------------------------------+

Note that this is also documented on Stack Overflow, and logged as a bug per Ceki's request:

http://stackoverflow.com/questions/2648267/can-i-prevent-logbacks-dbappender...

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.qos.ch/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[ http://jira.qos.ch/browse/LBCLASSIC-205?page=com.atlassian.jira.plugin.syste... ]

Ralph Goers commented on LBCLASSIC-205:
---------------------------------------

I'd actually like to find a more general purpose way to do this as I ran into this issue with adding the MDC data to structured data. Perhaps a way to identify mdc include keys or exclude keys in the LoggerContext?
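
One way to express the include/exclude key idea raised in the comment above, as an added example that is not Logback code and not from either poster. `PropertyKeyFilter` and its methods are hypothetical names, the MDC entry is constructed, and where such a filter would hook into DBAppender is left open.

```java
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
/** Hypothetical helper (not a Logback class): selects which property keys may be persisted. */
public class PropertyKeyFilter {
    private final List<Pattern> includes, excludes;
    public PropertyKeyFilter(List<String> includeGlobs, List<String> excludeGlobs) {
        includes = compile(includeGlobs);
        excludes = compile(excludeGlobs);
    }

    /** Turns globs such as "log.db.*" into regexes; literal parts are quoted so '.' stays literal. */
    private static List<Pattern> compile(List<String> globs) {
        return globs.stream()
                .map(g -> Arrays.stream(g.split("\\*", -1)).map(Pattern::quote)
                        .collect(Collectors.joining(".*")))
                .map(re -> Pattern.compile(re, Pattern.CASE_INSENSITIVE))
                .collect(Collectors.toList());
    }

    private static boolean matchesAny(List<Pattern> patterns, String key) {
        return patterns.stream().anyMatch(p -> p.matcher(key).matches());
    }

    /** Exclusions always win; an empty include list means "everything not excluded". */
    public boolean allows(String key) {
        return !matchesAny(excludes, key) && (includes.isEmpty() || matchesAny(includes, key));
    }

    /** Merges both sources first, so a sensitive key is dropped whether it came from context or MDC. */
    public Map<String, String> filter(Map<String, String> contextProps, Map<String, String> mdc) {
        Map<String, String> merged = new TreeMap<>(contextProps);
        merged.putAll(mdc);
        merged.keySet().removeIf(k -> !allows(k));
        return merged;
    }

    public static void main(String[] args) {
        // Context properties taken from the report's vct.properties; the MDC entry is constructed.
        Map<String, String> ctx = new HashMap<>();
        ctx.put("log.db.host", "localhost");
        ctx.put("log.db.password", "logpass");
        Map<String, String> mdc = Collections.singletonMap("requestId", "r-42");
        List<String> deny = Arrays.asList("log.db.*", "*password*");
        // Only the entries printed here would reach logging_event_property.
        new PropertyKeyFilter(Collections.emptyList(), deny).filter(ctx, mdc)
                .forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```

With the deny list shown, every `log.db.*` key is dropped and only the MDC entry remains. Passing a non-empty include list instead turns the same class into an allow-list.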