[Openstack-security] [Bug 1158328] Re: passwords in config files stored in plaintext

Sean Dague sean at dague.net
Wed Sep 3 20:14:05 UTC 2014


I feel like this is pretty strongly out of scope. Applications that need
to talk to databases that require passwords need access to those
passwords in plain text. While we could do obfuscation, it doesn't
really address the issue, it just makes you think you addressed it.
Honestly better to leave things clear so people rightly understand that
a compromise of that file means all bets are off.

** Changed in: nova
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1158328

Title:
  passwords in config files stored in plaintext

Status in OpenStack Compute (Nova):
  Won't Fix

Bug description:
  The credentials for database connections and the keystone authtoken
  are stored in plaintext within the nova.conf and apipaste config
  files.

  These values should be encrypted.  A scheme similar to /etc/shadow
  would be great.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1158328/+subscriptions



