MLE-30243 Ensure password is sanitized in any logging

Author: Ryan Dew

marklogic-client-api/src/main/java/com/marklogic/client/impl/ConnectionString.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+ * Copyright (c) 2010-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
  */
 package com.marklogic.client.impl;
 
@@ -86,4 +86,11 @@ public String getPassword() {
 	public String getDatabase() {
 		return database;
 	}
+
+	// Override toString() to avoid printing the password in logs or error messages
+	@Override
+	public String toString() {
+		String db = (database != null) ? "/" + database : "";
+		return username + ":****@" + host + ":" + port + db;
+	}
 }

marklogic-client-api/src/test/java/com/marklogic/client/impl/DatabaseClientPropertySourceTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+ * Copyright (c) 2010-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
  */
 package com.marklogic.client.impl;
 
@@ -197,6 +197,18 @@ void nonNumericPortInConnectionString() {
 		assertEquals("Invalid value for connection string; port must be numeric, but was 'nonNumericPort'", ex.getMessage());
 	}
 
+	@Test
+	void toStringRedactsPassword() {
+		ConnectionString cs = new ConnectionString("user:secret@localhost:8000", "connection string");
+		assertEquals("user:****@localhost:8000", cs.toString());
+	}
+
+	@Test
+	void toStringRedactsPasswordWithDatabase() {
+		ConnectionString cs = new ConnectionString("user:secret@localhost:8000/Documents", "connection string");
+		assertEquals("user:****@localhost:8000/Documents", cs.toString());
+	}
+
 	@Test
 	void hostTakesPrecedence() {
 		props.put(PREFIX + "host", "somehost");