[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change If5b196a734e7a0f0b3fa892d5c0436812a5bbd85
gerrit2 at review.openstack.org
Wed Jun 18 17:12:54 UTC 2014

Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/99432

Log:
commit a4bc0127f553f801d97832d437d3c1464ed8bab5
Author: Morgan Fainberg <morgan.fainberg at gmail.com>
Date: Wed Jun 18 10:05:58 2014 -0700

Do not expose Token IDs in debug output

Exposing the raw Token ID in the debug log is almost
as bad as exposing the username/password, as a valid
token conveys authorization as long as the token is
valid.

This change obscures the token from the debug logging
and if the token contains a unique tracking id in the
token_data, it will add that into the log-line.

The unique token tracking id will allow for correlating
a specific token to any and all requests made with that
token.

SecurityImpact
Change-Id: If5b196a734e7a0f0b3fa892d5c0436812a5bbd85
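
The redaction described in the commit message above, as an added example that is not part of the original message and is not python-keystoneclient's code. It replaces token header values in a debug line with a placeholder and, when the token data carries a tracking id, puts that id in the placeholder so requests can still be correlated. The function names, the "tracking_id" key, the placeholder text and the sample values are assumptions made for the illustration.

```python
import logging

# Keystone token headers; names are not given in the message (assumption).
SENSITIVE_HEADERS = {"x-auth-token", "x-subject-token"}

def find_tracking_id(token_data):
    """Return the token's tracking id, or None. The key name is hypothetical."""
    if not isinstance(token_data, dict):
        return None
    body = token_data.get("token", token_data)  # accept wrapped or bare body
    value = body.get("tracking_id") if isinstance(body, dict) else None
    return value if isinstance(value, str) and value else None

def redact_headers(headers, token_data=None):
    """Copy headers, replacing token values with a non-secret placeholder."""
    tracking_id = find_tracking_id(token_data)
    placeholder = "<TOKEN_REDACTED>"
    if tracking_id:
        placeholder = "<TOKEN_REDACTED tracking_id=%s>" % tracking_id
    return {name: placeholder if name.lower() in SENSITIVE_HEADERS else value
            for name, value in headers.items()}

def debug_request_line(method, url, headers, token_data=None):
    """Build the debug line from redacted headers only."""
    safe = redact_headers(headers, token_data)
    parts = ["REQ: %s %s" % (method, url)]
    parts += ['-H "%s: %s"' % (name, safe[name]) for name in sorted(safe)]
    return " ".join(parts)

# Constructed sample values, not taken from any real deployment.
SAMPLE_TOKEN = "constructed-token-id-0123456789"
SAMPLE_HEADERS = {"X-Auth-Token": SAMPLE_TOKEN, "Accept": "application/json"}
SAMPLE_TOKEN_DATA = {"token": {"tracking_id": "trk-0001"}}

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    log = logging.getLogger("example.session")
    log.debug(debug_request_line("GET", "https://keystone.example/v3/users",
                                 SAMPLE_HEADERS, SAMPLE_TOKEN_DATA))
    log.debug(debug_request_line("GET", "https://keystone.example/v3/users",
                                 SAMPLE_HEADERS))
```

The header match is case-insensitive and the caller's header dictionary is left unmodified, so the real token is still sent on the wire while only the redacted copy reaches the log.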