[rabbitmq-discuss] Fwd: Sensitive data in the RabbitMQ log files
Simon MacMullen
simon at rabbitmq.com
Mon Mar 10 14:56:13 GMT 2014
On 10/03/2014 12:55PM, Iain Hull wrote:
> I would like to know if the rabbitmq log files could contain sensitive data.
>
> In our deployment we regard the names of queues and exchanges as
> sensitive, so could these appear in the standard rabbitmq logs?
Under those definitions then yes, names of queues and exchanges can
certainly appear in the logs. For example, just declare a queue with
durable=true and then attempt to redeclare it with durable=false; you'll
get an error logged containing the name of the queue.
> Also could rabbitmq usernames appear in the sasl log?
The sasl log is a log for misbehaving processes. ("sasl" is this:
http://www.erlang.org/doc/apps/sasl/ not this:
http://tools.ietf.org/html/rfc4422). As such it could contain data from
any process that crashed - including usernames and even passwords if you
are unlucky.
You should really treat access to the log files as privileged in the
same way as access to the server OS process.
Cheers, Simon
--
Simon MacMullen
RabbitMQ, Pivotal
More information about the rabbitmq-discuss
mailing list