diff --git a/kmip/core/config_helper.py b/kmip/core/config_helper.py index 38754cc..1b167f0 100644 --- a/kmip/core/config_helper.py +++ b/kmip/core/config_helper.py @@ -47,6 +47,10 @@ class ConfigHelper(object): def __init__(self, path=None): self.logger = logging.getLogger(__name__) + # DEBUG logging here may expose passwords, so log at INFO by default. + # However, if consumers know the risks, let them go ahead and override. + if self.logger.level == logging.NOTSET: + self.logger.setLevel(logging.INFO) self.conf = SafeConfigParser() diff --git a/kmip/services/server/kmip_protocol.py b/kmip/services/server/kmip_protocol.py index 0be8a41..0a0c168 100644 --- a/kmip/services/server/kmip_protocol.py +++ b/kmip/services/server/kmip_protocol.py @@ -27,6 +27,10 @@ class KMIPProtocol(object): def __init__(self, socket, buffer_size=1024): self.socket = socket self.logger = logging.getLogger(__name__) + # DEBUG logging here may expose secrets, so log at INFO by default. + # However, if consumers know the risks, let them go ahead and override. + if self.logger.level == logging.NOTSET: + self.logger.setLevel(logging.INFO) def write(self, data): if len(data) > 0: