
Client password printed in logs in plaintext #262

@umeat

I'm finding that under an amount of load this plugin is beginning to have requests to the configured HTTP endpoint time out. This is probably either some resource issue, or some issue with my API implementation.

So that's probably my problem, but the reason I'm raising this issue is that when this occurs, the entire request URL is printed in the EMQX logs - including the client's password.

Here is an example log output:

{"log":"([email protected])1> 2021-05-17 03:04:20.825 [error] <<"57d06312-67ef-4c95-8d63-0e606da765c2">>@10.49.10.178:56094 [Hooks] Failed to execute {emqx_auth_http,check,[#{auth_req => {http_request,post,"/auth",[{<<"content-type">>,<<"application/x-www-form-urlencoded">>}],[{"username","%u"},{"password","%P"},{"clientid","%c"},{"ipaddress","%a"}],5000},pool_name => emqx_auth_http,super_req => undefined}]}: {{timeout,{gen_server,call,[<0.1723.0>,{post,{"/auth",[{<<"content-type">>,<<"application/x-www-form-urlencoded">>}],<<"username=REDACTED&password=REDACTED&clientid=REDACTED&ipaddress=10.49.10.178">>},5000},6000]}},[{gen_server,call,3,[{file,"gen_server.erl"},{line,223}]},{emqx_auth_http_cli,do_request,5,[{file,"emqx_auth_http_cli.erl"},{line,50}]},{emqx_auth_http,check,3,[{file,"emqx_auth_http.erl"},{line,45}]},{emqx_hooks,safe_execute,2,[{file,"emqx_hooks.erl"},{line,164}]},{emqx_hooks,do_run_fold,3,[{file,"emqx_hooks.erl"},{line,143}]},{emqx_access_control,authenticate,1,[{file,"emqx_access_control.erl"},{line,77}]},{emqx_channel,auth_connect,2,[{file,"emqx_channel.erl"},{line,1181}]},{emqx_misc,pipeline,3,[{file,"emqx_misc.erl"},{line,107}]}]}
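Added example (not part of the original issue and not EMQX code): a log scrubber an operator could run over captured or shipped logs to find and redact form fields such as `password` inside the `<<"...">>` request body that the timeout error prints. The field list, function names and sample lines are assumptions constructed for illustration.

```python
import re

# Field names treated as secrets (assumed; extend to match your auth_req parameters).
SENSITIVE_FIELDS = frozenset({"password"})

# Erlang binary literal as printed in the error term, <<"...">>, with the
# quotes optionally backslash-escaped as they are inside a JSON log wrapper.
_BINARY = re.compile(r'(<<\\?")([^"\\]*)(\\?">>)')
# One key=value pair of an application/x-www-form-urlencoded body.
_PAIR = re.compile(r'([^&=]+)=([^&]*)')


def redact_line(line, fields=SENSITIVE_FIELDS):
    """Return (scrubbed_line, leaked_field_names) for one log line."""
    leaked = []

    def scrub_pair(m):
        key, value = m.group(1), m.group(2)
        if key.lower() in fields and value:
            leaked.append(key)
            return key + "=[REDACTED]"
        return m.group(0)

    def scrub_binary(m):
        body = m.group(2)
        if "=" not in body:  # e.g. <<"content-type">>: not a form body
            return m.group(0)
        return m.group(1) + _PAIR.sub(scrub_pair, body) + m.group(3)

    return _BINARY.sub(scrub_binary, line), leaked


def scan(lines):
    """Scrub every line; return (scrubbed_lines, [(line_no, fields), ...])."""
    scrubbed, findings = [], []
    for no, line in enumerate(lines, start=1):
        clean, leaked = redact_line(line)
        scrubbed.append(clean)
        if leaked:
            findings.append((no, leaked))
    return scrubbed, findings


# Constructed sample lines (not taken from the issue): plain, JSON-escaped, benign.
SAMPLE = [
    '[error] Failed to execute {emqx_auth_http,check,[]}: {{timeout,{gen_server,call,[<0.1.0>,{post,{"/auth",[{<<"content-type">>,<<"application/x-www-form-urlencoded">>}],<<"username=alice&password=s3cr%21t&clientid=dev-1">>},5000},6000]}}',
    r'{"log":"[error] {post,{\"/auth\",[],<<\"username=bob&password=hunter2&clientid=dev-2\">>},5000}"}',
    '[info] client dev-3 connected',
]

if __name__ == "__main__":
    for no, fields in scan(SAMPLE)[1]:
        print(f"line {no}: leaked {fields}")
```

Any line this flags means the credential has already been written to disk or shipped downstream, so the affected passwords should be treated as exposed regardless of later scrubbing.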
