Home > Software design >  Cybersecutiry: Springboot actuator env and info show connection string uri mongodb
Cybersecutiry: Springboot actuator env and info show connection string uri mongodb

Time:11-18

Mongodb driver need connection string by spring.data.mongodb.uri and you can't set it by single properties.

When you call actuator info or env, it show all secrets data for mongodb as username,password, host,...

Exists a workaround to hide specific properties for info in this case spring.data.mongodb.uri ?

Thanks a lot.

CodePudding user response:

Yes, exposing env and info endpoints can be a costly security mistake.

You can either disable the endpoints if not needed or turn on authentication and access control for certain endpoints.

CodePudding user response:

the solution is to use

management:
  endpoint:
    info:
      enabled: true
      keys-to-sanitize: # Hide secrets data for cybersecurity
        spring.data.mongodb.uri,.*password*.,.*secret.*,.*key.*,.*token.*,.*credentials.*
    env:
      enabled: true
      keys-to-sanitize: # Hide secrets data for cybersecurity
        spring.data.mongodb.uri,.*password*.,.*secret.*,.*key.*,.*token.*,.*credentials.*

Page link:https//www.codepudding.com/Softwaredesign/196350.html

Prev:mongoose.findoneandupdate() says updated successfully but no changes occur in database
Next:Mongo array querying with an index
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding