Redis Connection string is logged with the password

gklesczewski · November 4, 2015, 7:11pm

When starting up, the server logs the following text:
11-04-2015 14:06:30 INFO Using job storage: ‘redis://myPassword@myRedisServer/0’.

The password that is used to connect to the redis server should not be logged. Recommend masking the password, otherwise, allow disabling logging the connection string.

Exposing the password in a log file is oftentimes considered a security risk.

odinserj · November 5, 2015, 2:04pm

Awesome report, @gklesczewski! I’ve created an issue on GitHub, released Hangfire.Pro.Redis 1.4.2 that contains the fix for this issue. It is highly recommended to update to this release, and change Redis password.

Topic		Replies	Views
Azure REDIS with Hangfire PRO question redis , hangfire-pro	4	2842	March 27, 2018
AWS Elasticache redis cluster with authentication - Hangfire Pro does not seem to accept un/pwd question redis , hangfire-pro	1	844	August 3, 2022
Hangfire on Redis Cluster feature redis	1	2770	September 17, 2015
Ignore if no storage on startup question redis	2	1009	November 21, 2019
Connection to Redis isn't available yet, reconnect is in progress: please try again later bug? redis	2	2309	July 26, 2020

Redis Connection string is logged with the password

Related Topics