Connection credential is printed out in error log

[aadchy]

Hello,

When there is a connection issue, e.g. server disconnected unexpectedly, an error log is printed out with State which includes username , password within connection_settings.

2024-05-28T08:39:44.109591+08:00 error: GenServer :gnat terminating, ** (stop) "connection closed", Last message: {:tcp_closed, #Port<0.12>}, State: %{socket: #Port<0.12>, parser: %Gnat.Parsec{partial: nil}, connection_settings: %{port: 4222, host: "localhost", password: "xxxxxxxxxxx", username: "xxxxxxxxxxx", tls: false, ssl_opts: [], auth_required: true, inbox_prefix: "_INBOX.", connection_timeout: 3000, no_responders: false, tcp_opts: [:binary]}, server_info: %{port: 4222, version: "2.10.14", host: "0.0.0.0", go: "go1.21.9", headers: true, client_id: 11, proto: 1, auth_required: true, git_commit: "31af767", cluster: "xxxxxxxxxxx", server_name: "xxxxxxxxxxx", server_id: "xxxxxxxxxxx", max_payload: 8388608, client_ip: "xxxxxxxxxxx", xkey: "xxxxxxxxxxx"}, receivers: %{0 => %{monitor_ref: nil, recipient: #PID<0.788.0>, unsub_after: :infinity}, 1 => %{monitor_ref: #Reference<0.230481281.3309043716.60743>, recipient: #PID<0.992.0>, unsub_after: :infinity}}, request_inbox_prefix: "_INBOX.9KSPZ08ScKIxaqcd.", next_sid: 2, request_receivers: %{}}

Would it be possible to remove connection_settings from State to avoid leaking credential information ?

Thank you very much!

[mmmries]

Hey @aadchy I can definitely see why these logs could be problematic, but I'm not sure it will be easy to remove those elements from the state. Perhaps we could drop these parts of the state after a successful handshake, but it still wouldn't cover cases where the process dies during the authentication process.

Have you checked into log masking for your application? I know that tools like honeybadger provide tools to scrub data before it goes to an alerting system. I generally find this process helpful since there will always be some process in my system that holds sensitive data.

[mmmries]

One other solution could be to avoid holding those credentials in the state. Maybe we allow you to pass in a configuration key and hold that key in state and then use Application.get_env to pull in the credentials just when they're needed?

That way a process crash would just include something like credentials: {:my_app, :config_key} rather than the actual credentials?

[aadchy]

@mmmries , thanks for the reply.
The solution to pass a configuration key and retrieve credential by Application.get_env is a good idea. Yes, in this way, whenever the state gets printed, it won't leak the actual credential values.

Thank you very much!