Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Obfuscate JDBC Password in query.log #4256

Closed
vga91 opened this issue Nov 28, 2024 · 0 comments
Closed

Obfuscate JDBC Password in query.log #4256

vga91 opened this issue Nov 28, 2024 · 0 comments
Labels
extended-functionality

Comments

@vga91
Copy link
Collaborator

vga91 commented Nov 28, 2024
edited
Loading

See trello card YYFOmCxC

The customer is using a loading script that utilizes APOC.LOAD.JDBC.
When a user uses it, it generates an entry in the query.log files containing its login credential. They need to minimally obfuscate the password.

Although I provided them with the option of configuring aliases in conf/apoc.conf, they deemed this option did not meet their expectations because the password will be hard-written in the apoc.conf file and would like this not to be mentioned anywhere.

Here is their specific feedback:

Log parameters need to be included with the executed queries being logged for internal review.

Aliases can't be stored on the server due to security issues.

JDBC is used to query the internal data warehouse as a gateway to add information to the Neo4j database that was not present during its creation.

If query.log could just put ********** instead of the password in clear text in it while using APOC.JDBC.LOAD, this problem would be solved.
@vga91 vga91 converted this from a draft issue Nov 28, 2024
@vga91 vga91 moved this from Todo to In Progress in APOC Extended Larus Nov 28, 2024
vga91 added a commit that referenced this issue Dec 4, 2024
@vga91
Fixex #4256: Obfuscate JDBC Password in query.log
1a1648f
vga91 added a commit that referenced this issue Dec 4, 2024
@vga91
Fixex #4256: Obfuscate JDBC Password in query.log
85b9cd1
@vga91 vga91 mentioned this issue Dec 4, 2024
Merged
@vga91 vga91 changed the title Obfuscate JDBC Password in query.log: see trello card YYFOmCxC Obfuscate JDBC Password in query.log Dec 4, 2024
@vga91 vga91 moved this from In Progress to Review in APOC Extended Larus Dec 5, 2024
RobertoSannino pushed a commit that referenced this issue Dec 6, 2024
@vga91
Fixex #4256: Obfuscate JDBC Password in query.log (#4261)
32192db
@vga91 vga91 moved this from Review to Done in APOC Extended Larus Dec 6, 2024
vga91 added a commit that referenced this issue Dec 10, 2024
@vga91
Fixex #4256: Obfuscate JDBC Password in query.log (#4261)
54ecf45
@vga91 vga91 mentioned this issue Dec 10, 2024
Merged
@vga91 vga91 closed this as completed Dec 10, 2024
@github-project-automation github-project-automation bot moved this from Done to Done (check if cherry-pick) in APOC Extended Larus Dec 10, 2024
vga91 added a commit that referenced this issue Dec 11, 2024
@vga91
Fixex #4256: Obfuscate JDBC Password in query.log (#4261) (#4294)
270ada9
vga91 added a commit that referenced this issue Dec 17, 2024
@vga91
[NOID] Fixex #4256: Obfuscate JDBC Password in query.log
4956244
@vga91 vga91 mentioned this issue Dec 17, 2024
Merged
vga91 added a commit that referenced this issue Dec 18, 2024
@vga91
[NOID] Fixex #4256: Obfuscate JDBC Password in query.log
f1caee2
vga91 added a commit that referenced this issue Dec 18, 2024
@vga91
[NOID] Fixex #4256: Obfuscate JDBC Password in query.log (#4313)
f4e65dd 
* [NOID] Fixex #4256: Obfuscate JDBC Password in query.log

* [NOID] format changes

* [NOID] removed duplicated test and format changes
@vga91 vga91 moved this from Done (check if cherry-pick) to Done in APOC Extended Larus Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
extended-functionality
Projects
APOC Extended Larus
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vga91