[openstack-dev] masking X-Auth-Token in debug output - proposed consistency

Thierry Carrez thierry at openstack.org
Thu Jun 12 08:50:37 UTC 2014


Morgan Fainberg wrote:
> I’ve been looking over the code for this and it turns out plain old SHA1
> is a bad idea.  We recently had a patch land in keystone client and
> keystone to let us configure the hashing algorithm used for token
> revocation list and the short-token ids. 
> 
> I’ve updated my patch set to use ‘{OBSCURED}%(token)s’ instead of
> specifying a specific obscuring algorithm. This means that if we ever
> update the way we obscure the data in the future, we’re not lying about
> what was done in the log. The proposed approach can be found
> here: https://review.openstack.org/#/c/99432

Looks good!

-- 
Thierry Carrez (ttx)



More information about the OpenStack-dev mailing list