Redis Connection string is logged with the password

gklesczewski · November 4, 2015, 7:11pm

When starting up, the server logs the following text:
11-04-2015 14:06:30 INFO Using job storage: ‘redis://myPassword@myRedisServer/0’.

The password that is used to connect to the redis server should not be logged. Recommend masking the password, otherwise, allow disabling logging the connection string.

Exposing the password in a log file is oftentimes considered a security risk.

odinserj · November 5, 2015, 2:04pm

Awesome report, @gklesczewski! I’ve created an issue on GitHub, released Hangfire.Pro.Redis 1.4.2 that contains the fix for this issue. It is highly recommended to update to this release, and change Redis password.

Topic		Replies	Views
Hangfire.Pro.Redis connection leak when credentials not valid bug?	1	20	December 2, 2024
Azure REDIS with Hangfire PRO question redis , hangfire-pro	4	2991	March 27, 2018
AWS Elasticache redis cluster with authentication - Hangfire Pro does not seem to accept un/pwd question redis , hangfire-pro	1	974	August 3, 2022
Hangfire on Redis Cluster feature redis	1	2865	September 17, 2015
Redis error in the logs: Expected 'OK' got '1' question hangfire-pro	6	2247	November 24, 2016

Redis Connection string is logged with the password

Related topics