[Openstack-security] [Bug 1708122] Re: Don't return back the sensitive information to user

Tristan Cacqueray tdecacqu at redhat.com
Tue Aug 15 03:01:05 UTC 2017


Switching the OSSA task to Won't Fix since this looks like a class D
(hardening) at most.

** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1708122

Title:
  Don't return back the sensitive information to user

Status in OpenStack Heat:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  We return sensitive information to the user when an exception happens. For example, when a DBError happens, we return the whole SQL statement to the user, which is not safe; we also return the traceback to the user, which is not necessary.
  Maybe we can do the same thing as nova and cinder and add a 'safe' attribute to some exceptions to decide whether to return information such as the error message details to the user.

To manage notifications about this bug go to:
https://bugs.launchpad.net/heat/+bug/1708122/+subscriptions
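
The 'safe' attribute approach suggested in the bug description, sketched as an added example (not Heat, nova or cinder code). The class names, fault_response(), the generic message and the sample error strings are hypothetical and constructed for illustration:

```python
import logging
import traceback
import uuid

LOG = logging.getLogger("api.fault")
GENERIC = "The server encountered an internal error. Quote the request id to support."


class APIError(Exception):
    """Hypothetical base class; 'safe' marks messages fit to show to users."""
    safe = False
    code = 500


class StackNotFound(APIError):
    safe = True  # message is written for the user and carries no internals
    code = 404


class DBError(Exception):
    """Stand-in for a database-layer error whose text embeds the SQL statement."""


def fault_response(exc):
    """Return the user-facing error body; full details go to the log only."""
    request_id = "req-" + str(uuid.uuid4())
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    # Raw message and traceback stay server-side, correlated by request id.
    LOG.error("%s fault: %s", request_id, detail)
    if getattr(exc, "safe", False):
        return {"code": getattr(exc, "code", 500), "message": str(exc),
                "request_id": request_id}
    # Anything not explicitly marked safe is replaced by a generic message.
    return {"code": 500, "message": GENERIC, "request_id": request_id}


def demo():
    """Run both cases on constructed sample errors."""
    try:
        # Constructed sample: DB error text that leaks a statement and a value.
        raise DBError("(IntegrityError) INSERT INTO stack (name, secret) "
                      "VALUES ('s1', 'hunter2')")
    except DBError as exc:
        unsafe = fault_response(exc)
    safe = fault_response(StackNotFound("The Stack (s1) could not be found."))
    return unsafe, safe


if __name__ == "__main__":
    for body in demo():
        print(body)
```

The default is deny: an exception class has to opt in with safe = True before its message reaches the user, so a newly introduced error type cannot leak by omission.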



