Redis Connection string is logged with the password

Tags: #<Tag:0x00007faff699a9c8>

When starting up, the server logs the following text:
11-04-2015 14:06:30 INFO Using job storage: ‘redis://myPassword@myRedisServer/0’.

The password that is used to connect to the redis server should not be logged. Recommend masking the password, otherwise, allow disabling logging the connection string.

Exposing the password in a log file is oftentimes considered a security risk.

Awesome report, @gklesczewski! I’ve created an issue on GitHub, released Hangfire.Pro.Redis 1.4.2 that contains the fix for this issue. It is highly recommended to update to this release, and change Redis password.

1 Like