
password in plain text in Containers log

Open jjmonsalveg opened this issue 7 years ago • 5 comments

Hello. When running the container:

docker run -d \
     --name "ejabberd" \
     -p 5222:5222 \
     -p 5269:5269 \
     -p 5280:5280 \
     -h 'xmpp.example.de' \
     -e "XMPP_DOMAIN=example.de" \
     -e "ERLANG_NODE=ejabberd" \
     -e "[email protected] [email protected]" \
     -e "[email protected]:password1234 [email protected]" \
     -e "TZ=Europe/Berlin" \
     rroemhild/ejabberd

In the log the passwords are shown in plain text. How can I avoid this?

ejabberd_1 | User [email protected] successfully registered
ejabberd_1 | Password for user [email protected] is password1234 :point_left:

Can someone help me please? Thanks.

jjmonsalveg avatar Feb 20 '17 15:02 jjmonsalveg

Hello! @rroemhild, in version 17.01 the file docker-20_ejabberd_register_users.sh prints the password to stdout in plain text; this exposes the users' credentials.

jjmonsalveg avatar Mar 30 '17 23:03 jjmonsalveg

Hi @jjmonsalveg, this could be solved with another envvar, something like EJABBERD_EXPOSE_CREDENTIALS set to true or false, and hide user passwords if set to false.

rroemhild avatar Apr 07 '17 09:04 rroemhild

That is a good idea. You can also take advantage of the variable EJABBERD_LOGLEVEL: when it has value 5 (debug), ejabberd also shows the credentials.

jjmonsalveg avatar Apr 07 '17 11:04 jjmonsalveg

Why should we hide the password at all? If it's a security issue then the user should be created with the API or located in a different database, i.e. LDAP, MySQL. If you set the password in the environment variable, others with access can see the environment variable from the running container too.

The idea to print the password to STDOUT is for fast and simple setup or for tests.

I think passwords set via environment or generated by the random password generator are just for the first start and should be changed immediately in a production environment.

Do you agree? What are your thoughts why we should hide the password from stdout?

rroemhild avatar Apr 07 '17 16:04 rroemhild

Hello again, @rroemhild thanks for responding. As I mentioned above when running the container:

docker run \
  --name "ejabberd" \
  -p 5222:5222 \
  -p 5269:5269 \
  -p 5280:5280 \
  -h 'xmpp.example.de' \
  -e "XMPP_DOMAIN=example.de" \
  -e "ERLANG_NODE=ejabberd" \
  -e "[email protected] [email protected]" \
  -e "[email protected]:password1234 [email protected]" \
  -e "TZ=Europe/Berlin" \
  rroemhild/ejabberd:17.01

It produces this result in the stdout log:

User [email protected] successfully registered
Password for user [email protected] is password1234
User [email protected] successfully registered
Password for user [email protected] is poW1DSrZf9f68ExE

If we run it by adding "EJABBERD_LOGLEVEL=5":

docker run \
  --name "ejabberd" \
  -p 5222:5222 \
  -p 5269:5269 \
  -p 5280:5280 \
  -h 'xmpp.example.de' \
  -e "XMPP_DOMAIN=example.de" \
  -e "ERLANG_NODE=ejabberd" \
  -e "[email protected] [email protected]" \
  -e "[email protected]:password1234 [email protected]" \
  -e "TZ=Europe/Berlin" \
  -e "EJABBERD_LOGLEVEL=5" \
  rroemhild/ejabberd:17.01

Then in the stdout log we can see more verbose output from ejabberd itself, added to the echo of your docker-20_ejabberd_register_users.sh:

17:08:44.657 [debug] Command 'register' execution allowed by rule 'console commands' (CallerInfo=#{caller_module => ejabberd_ctl})
17:08:44.657 [debug] Executing command ejabberd_admin:register with Args=[<<"admin">>,<<"example.de">>,<<"password1234">>]
User [email protected] successfully registered
Password for user [email protected] is password1234
17:08:44.846 [debug] Command 'register' execution allowed by rule 'console commands' (CallerInfo=#{caller_module => ejabberd_ctl})
17:08:44.846 [debug] Executing command ejabberd_admin:register with Args=[<<"admin2">>,<<"example.de">>,<<"hR8CZxl15JHfzMUl">>]
User [email protected] successfully registered
Password for user [email protected] is hR8CZxl15JHfzMUl

I see three options for obtaining the "desired" behaviour:

  1. EJABBERD_EXPOSE_CREDENTIALS, as you suggest above
  2. Delete the "echo" from docker-20_ejabberd_register_users.sh and, for development and test environments, set EJABBERD_LOGLEVEL=5
  3. Print your output with echo if and only if EJABBERD_LOGLEVEL is equal to 5

Let me explain why I raise this case. I use Docker Cloud, and any user authorized to log in from a web browser (any member of the team of developers) can see the users' credentials in plain text in the log, because the log is shown in the Docker Cloud web interface. For a development/test environment that is fine, but for production maybe not. To solve this I took option 2: for my production environment I deleted the echo and use an EJABBERD_LOGLEVEL lower than 5.

jjmonsalveg avatar Apr 10 '17 15:04 jjmonsalveg
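As an added illustration of option 1 from the thread, the following is a hypothetical POSIX sh registration hook, not the project's docker-20_ejabberd_register_users.sh (whose contents are not shown here). It assumes `ejabberdctl register user host password` as the registration command, a hypothetical REGISTER_CMD variable to override it for offline testing, and a hypothetical caller-supplied list of "user:password" entries; it only echoes a password when EJABBERD_EXPOSE_CREDENTIALS=true and points out that a debug log level (5) still leaks the register arguments, as the thread observed.

```shell
#!/bin/sh
# Hypothetical registration hook (not the project's script): registers
# each "user[:password]" entry and prints the password only when
# EJABBERD_EXPOSE_CREDENTIALS=true (option 1 in the thread above).

# Register one user. REGISTER_CMD is an assumed override hook for testing;
# by default it is "ejabberdctl register user host password".
register_user() {
    user="$1"; domain="$2"; password="$3"
    ${REGISTER_CMD:-ejabberdctl register} "$user" "$domain" "$password" >/dev/null 2>&1 || return 1
    echo "User $user@$domain successfully registered"
    if [ "${EJABBERD_EXPOSE_CREDENTIALS:-false}" = "true" ]; then
        echo "Password for user $user@$domain is $password"
    else
        echo "Password for user $user@$domain is hidden (EJABBERD_EXPOSE_CREDENTIALS is not true)"
    fi
}

# Generate a 16-character alphanumeric password for entries without one,
# like the randomly generated passwords seen in the thread's log output.
random_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16
}

# Register a space-separated list of "user[:password]" entries for a domain.
register_users() {
    domain="$1"; list="$2"
    # ejabberd's own debug log (level 5) still prints the register arguments,
    # so hiding the echo alone is not enough at that level; say so once.
    if [ "${EJABBERD_EXPOSE_CREDENTIALS:-false}" != "true" ] \
       && [ "${EJABBERD_LOGLEVEL:-4}" -ge 5 ]; then
        echo "Warning: EJABBERD_LOGLEVEL=$EJABBERD_LOGLEVEL will log passwords in ejabberd debug output"
    fi
    for entry in $list; do
        user="${entry%%:*}"
        case "$entry" in
            *:*) password="${entry#*:}" ;;
            *)   password="$(random_password)" ;;
        esac
        register_user "$user" "$domain" "$password" || return 1
    done
}
```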