From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp43.i.mail.ru (smtp43.i.mail.ru [94.100.177.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 764FD469719 for ; Thu, 5 Mar 2020 07:49:59 +0300 (MSK) Date: Thu, 5 Mar 2020 07:49:57 +0300 From: Kirill Yukhin Message-ID: <20200305044957.ay2dq6gtf2scxgd2@tarantool.org> References: <20191212212543.37466-1-maria.khaydich@tarantool.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20191212212543.37466-1-maria.khaydich@tarantool.org> Subject: Re: [Tarantool-patches] [PATCH] box: replication shouldn't leak user password List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Maria Cc: tarantool-patches@dev.tarantool.org, v.shpilevoy@tarantool.org Hello, On 13 дек 00:25, Maria wrote: > It was possible to leak user password through setting 'replication' > configuration option in first box.cfg invocation. This happened due > to unconditional logging in load_cfg function. The patch introduces > conditional logging. > > Closes #4493 > --- > Issue: > https://github.com/tarantool/tarantool/issues/4493 > Branch: > https://github.com/tarantool/tarantool/tree/eljashm/gh-4493-box.cfg-log-may-leak-passwords I've checked your patch into 1.10, 2.2, 2.3 and master. -- Regards, Kirill Yukhin