Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.0.3, 1.1.1, 1.2.0
-
None
-
None
Description
As reported by Joseph Stevens on DC/OS Community Slack: https://dcos-community.slack.com/archives/C10DCMHK4/p1492126723695465
So I've noticed that the Mesos Fetcher prints the URI it's using in plain text to the stderr logs. This is a serious problem since if you're using something like the mesos spark framework, it uses mesos fetcher under the hood, and the only way to fetch authenticated resources is to pass the auth as part of the URI. This means every time we start a job we're printing a username and password into the task sandbox and consequently into anything that picks up those logs from the agents. Could you guys change that so the password is obfuscated on print when a URI has credentials inside it?