
`tf.io.MongoDBIODataset` prints password in plaintext when connecting to server

Open joshhansen opened this issue 2 years ago • 1 comments

When connecting to a MongoDB database using MongoDBIODataset, the password used is twice printed in plaintext in an insecure fashion. For example, if the username is admin and the password is abc123, connecting to server example.com would lead to output like this:

```
2022-03-28 23:27:36.991099: I tensorflow_io/core/kernels/mongodb_kernels.cc:43] Connecting to: mongodb://admin:abc123@example.com
Connection successful: mongodb://username:abc123@example.com
```

As you can see, abc123 is revealed in both of these lines. This is exactly what happens in practice, as I see my own password printed out clearly when running this code (with dummy values substituted for privacy):

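```python
import tensorflow_io as tfio

# Dummy credentials; the password is embedded in the connection URI.
URI = "mongodb://admin:abc123@example.com"
DATABASE = "db"
COLLECTION = "col"

# Creating the dataset connects to the server and triggers the log lines above.
data = tfio.experimental.mongodb.MongoDBIODataset(
    uri=URI, database=DATABASE, collection=COLLECTION
)
```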

Other Mongo tools redact the password in logging output, and it seems appropriate for this tool to do so as well.

joshhansen avatar Mar 29 '22 06:03 joshhansen

Same with Kafka. From my logs:

```
2022-07-13 12:39:04.388267: I tensorflow_io/core/kernels/kafka_kernels.cc:879] Kafka configuration: sasl.password=<redacted>
```

Perhaps I'll open a new issue

chuck-confluent avatar Jul 13 '22 19:07 chuck-confluent
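
Added example, not part of the issue thread or the tensorflow-io code base: a Python sketch of the redaction both comments ask for, masking the password in MongoDB connection URIs and in Kafka password properties before a line is logged. The names `redact_secrets` and `RedactingFilter` and the sample lines are constructed for illustration; the Kafka property names are librdkafka's.

```python
import logging
import re

# user:password@ inside a mongodb:// or mongodb+srv:// URI. The greedy \S*
# runs to the LAST '@' of the token, so a password containing an unescaped
# '@' or '/' is still fully covered (over-redaction is the safe failure).
_MONGO_CREDS = re.compile(r"(mongodb(?:\+srv)?://[^:@/\s]+):\S*@")
# key=value pairs for librdkafka properties that hold secrets.
_KAFKA_SECRET = re.compile(r"\b((?:sasl|ssl\.key|ssl\.keystore)\.password)=\S+")

MASK = "<redacted>"


def redact_secrets(text: str) -> str:
    """Return text with URI passwords and Kafka password values masked."""
    text = _MONGO_CREDS.sub(rf"\1:{MASK}@", text)
    return _KAFKA_SECRET.sub(rf"\1={MASK}", text)


class RedactingFilter(logging.Filter):
    """Logging filter that masks secrets in the fully formatted message."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Format first so secrets passed as %-style args are caught too.
        record.msg = redact_secrets(record.getMessage())
        record.args = None
        return True


if __name__ == "__main__":
    log = logging.getLogger("ingest")
    handler = logging.StreamHandler()
    handler.addFilter(RedactingFilter())
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    # Constructed sample lines modelled on the output quoted in the issue.
    log.info("Connecting to: %s", "mongodb://admin:abc123@example.com")
    log.info("Connecting to: mongodb+srv://app:p%40ss/w@rd@db.example.net/col")
    log.info("Connecting to: mongodb://example.com:27017/db")  # no credentials
    log.info("Kafka configuration: sasl.password=hunter2")
```

The `Connecting to:` lines quoted in the issue are written by the C++ kernel rather than through Python's `logging`, so a filter like this only covers an application's own log statements.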