[Tarantool-patches] [PATCH] box: replication shouldn't leak user password

Maria Khaydich maria.khaydich at tarantool.org
Tue Mar 3 20:26:16 MSK 2020


Squashed them. Looks like we’ve got to LGTMs here.

  
>Среда, 26 февраля 2020, 19:19 +03:00 от Igor Munkin <imun at tarantool.org>:
> 
>Masha,
>
>Thanks, the patch LGTM considering Vlad's remarks and review fix on top.
>Please don't forget to squash it with the original patch.
>
>On 13.12.19, Maria wrote:
>> It was possible to leak user password through setting 'replication'
>> configuration option in first box.cfg invocation. This happened due
>> to unconditional logging in load_cfg function. The patch introduces
>> conditional logging.
>>
>> Closes #4493
>> ---
>> Issue:
>>  https://github.com/tarantool/tarantool/issues/4493
>> Branch:
>>  https://github.com/tarantool/tarantool/tree/eljashm/gh-4493-box.cfg-log-may-leak-passwords
>>
>> src/box/lua/load_cfg.lua | 3 +++
>> test/box/load_cfg.result | 37 +++++++++++++++++++++++++++++++++++++
>> test/box/load_cfg.test.lua | 14 ++++++++++++++
>> test/box/lua/cfg_test6.lua | 10 ++++++++++
>> 4 files changed, 64 insertions(+)
>> create mode 100644 test/box/load_cfg.result
>> create mode 100644 test/box/load_cfg.test.lua
>> create mode 100644 test/box/lua/cfg_test6.lua
>>
>
><snipped>
>
>> --
>> 2.20.1 (Apple Git-117)
>>
>
>--
>Best regards,
>IM 
 
 
--
Maria Khaydich
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.tarantool.org/pipermail/tarantool-patches/attachments/20200303/fb71cd33/attachment.html>


More information about the Tarantool-patches mailing list