[openstack-dev] masking X-Auth-Token in debug output - proposed consistency

Sean Dague sean at dague.net
Fri Jun 13 10:59:44 UTC 2014


The password dumping is actually in oslo apiclient. So that too should
be scrubbed, but it has to happen in oslo first.

So mostly just because I found it here.

	-Sean

On 06/12/2014 10:47 PM, Xuhan Peng wrote:
> Sorry to interrupt this discussion.
> 
> Sean, 
> 
> Since I'm working on the neutron client code change, and looking at your
> code change to nova client, it looks like only X-Auth-Token is taken care
> of in http_log_req. There is also password in header and token id in
> response. Any particular reason that they are not being taken care of?
> 
> Thanks, 
> Xu Han
> 
> 
> On Fri, Jun 13, 2014 at 8:47 AM, Gordon Chung <chungg at ca.ibm.com> wrote:
> 
>     >I'm hoping we can just ACK this approach, and get folks to start moving
>     > patches through the clients to clean this all up.
> 
>     just an fyi, in pyCADF, we obfuscate tokens similar to how credit
>     cards are handled: by capturing a percentage of leading and trailing
>     characters and substituting the middle ie. "4724 xxxxxxxx 8478".
>     whatever we decide here, i'm all for having a consistent way of
>     masking and minimising tokens in OpenStack.
> 
>     cheers,
>     gordon chung
>     openstack, ibm software standards 
> 


-- 
Sean Dague
http://dague.net
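
An added example, not part of the original thread and not code from novaclient, oslo or pyCADF: a debug-log scrubber covering the three items raised above (the X-Auth-Token header, a password in the request, and the token id in the response), using the leading/trailing-character masking Gordon describes. The header list, the 10% keep fraction, the JSON body layout and all sample values are assumptions constructed for illustration.

```python
import json

# Header names treated as secrets (assumed list for this example).
SENSITIVE_HEADERS = {"x-auth-token", "x-subject-token"}
MASK = "***"

def mask_middle(secret, keep_fraction=0.1, min_len=16):
    """Keep a fraction of leading/trailing characters, replace the middle."""
    if len(secret) < min_len:
        return MASK  # too short: any visible character leaks too much
    keep = max(1, int(len(secret) * keep_fraction))
    return secret[:keep] + MASK + secret[-keep:]

def scrub_headers(headers):
    """Return a copy of the headers that is safe to write to a debug log."""
    return {
        name: mask_middle(value) if name.lower() in SENSITIVE_HEADERS else value
        for name, value in headers.items()
    }

def scrub_body(body):
    """Mask 'password' values and token 'id' values in a JSON body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "<unparsed body omitted>"  # fail closed: never log it raw

    def walk(node, parent_key=None):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "password" and isinstance(value, str):
                    node[key] = MASK
                elif key == "id" and parent_key == "token" and isinstance(value, str):
                    node[key] = mask_middle(value)
                else:
                    walk(value, key)
        elif isinstance(node, list):
            for item in node:
                walk(item, parent_key)

    walk(doc)
    return json.dumps(doc, sort_keys=True)

# Constructed sample request (not captured traffic).
SAMPLE_HEADERS = {"X-Auth-Token": "aaaa" + "b" * 24 + "cccc", "Accept": "application/json"}
SAMPLE_REQUEST = '{"auth": {"passwordCredentials": {"username": "demo", "password": "s3cret"}}}'

if __name__ == "__main__":
    print("REQ headers:", scrub_headers(SAMPLE_HEADERS))
    print("REQ body:", scrub_body(SAMPLE_REQUEST))
```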
