[openstack-dev] passwords in logs --security related

Eric Windisch eric at cloudscaling.com
Mon Apr 22 19:56:01 UTC 2013

> Seems like (for the RPC code at least) the _safe_log() function is supposed
> to do this, only it doesn't seem to be sanitising all potentially sensitive
> keys.

Yeah, the RPC code is trying to do this, but does so poorly. I've logged a few new bugs.

Eric Windisch

More information about the OpenStack-dev mailing list