[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change If5b196a734e7a0f0b3fa892d5c0436812a5bbd85

gerrit2 at review.openstack.org
Thu Jun 12 05:01:59 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/99432

Log:
commit ae03f3311920f56163b30edd6ae0d89e8954ec8a
Author: Morgan Fainberg <morgan.fainberg at gmail.com>
Date:   Wed Jun 11 10:13:32 2014 -0700

    Do not expose Token IDs in debug output
    
    It is only very slightly less of a security issue to expose
    Token IDs in the logs than it is to expose password details. This
    change obscures the Token ID in the debug output in all cases to
    ensure that the ID is not presented in any of the logs that could
    be read by an unprivileged source (e.g. lower priv log watchers,
    centralized logging, etc).
    
    The raw data elements from the token (e.g. user, roles, expiration
    etc) could be added into debug/trace level logging at a future time.
    
    SecurityImpact
    
    Change-Id: If5b196a734e7a0f0b3fa892d5c0436812a5bbd85
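
As an added illustration of the technique the commit message above describes (this is example code written for this page, not python-keystoneclient's own patch), the helper below replaces token IDs with a non-reversible fingerprint before a request or response reaches the debug log. The header names X-Auth-Token and X-Subject-Token, the v2.0-style `access.token.id` body layout, the `{SHA256}` prefix and the sample request are assumptions constructed for the example.

```python
"""Keep bearer token IDs out of debug logs by fingerprinting them.

Added example, not python-keystoneclient code. Assumptions: tokens travel in
the X-Auth-Token / X-Subject-Token headers and, for v2.0 token responses, in
the JSON body under access.token.id.
"""
import hashlib
import json
import logging

LOG = logging.getLogger(__name__)

# Header names (compared case-insensitively) whose value is a bearer token.
TOKEN_HEADERS = frozenset({"x-auth-token", "x-subject-token"})


def fingerprint(token):
    """Return a correlatable but non-replayable stand-in for a token ID.

    A digest lets an operator match the same token across log lines while
    the log never contains a value that grants access.
    """
    digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
    return "{SHA256}" + digest


def sanitize_headers(headers):
    """Return a copy of headers with token-bearing values fingerprinted."""
    return {
        name: fingerprint(value) if name.lower() in TOKEN_HEADERS else value
        for name, value in headers.items()
    }


def sanitize_body(body):
    """Obscure a v2.0 token ID (access.token.id) inside a JSON body.

    Non-JSON or unrecognised bodies are returned unchanged; anything we do
    not know how to redact should not be silently dropped or mangled.
    """
    if not body:
        return body
    try:
        data = json.loads(body)
    except ValueError:
        return body
    token = data.get("access", {}).get("token") if isinstance(data, dict) else None
    if isinstance(token, dict) and "id" in token:
        token["id"] = fingerprint(token["id"])
        return json.dumps(data)
    return body


def format_debug_line(method, url, headers, body=None):
    """Build a curl-style debug line with token IDs obscured in all cases."""
    parts = ["REQ: curl -i -X %s %s" % (method, url)]
    for name, value in sanitize_headers(headers).items():
        parts.append('-H "%s: %s"' % (name, value))
    if body:
        parts.append("-d '%s'" % sanitize_body(body))
    return " ".join(parts)


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    # Constructed sample request; the token values are placeholders.
    sample_headers = {
        "X-Auth-Token": "SECRET-TOKEN-123",
        "Content-Type": "application/json",
    }
    sample_body = json.dumps(
        {"access": {"token": {"id": "SECRET-TOKEN-123",
                              "expires": "2014-06-12T06:00:00Z"}}}
    )
    LOG.debug(format_debug_line("POST", "http://keystone:5000/v2.0/tokens",
                                sample_headers, sample_body))
```

The `{SHA256}` prefix marks the value as a fingerprint so nobody mistakes it for a real token, and because the digest is deterministic the same token still correlates across log lines and across services that apply the same scheme. Anything that is not recognised as a token is passed through untouched, which is the conservative choice: a redactor that guesses at structure and rewrites it can hide the very request detail the debug log exists to show.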
