[openstack-dev] passwords in logs --security related

Matt Van Winkle mvanwink at rackspace.com
Thu Apr 18 08:47:10 UTC 2013


Honestly, no passwords should be logged anywhere.  We need to be able to expose logs in a way that doesn't provide a feat platform for non-privileged users to script athentication against

Sent from my iPhone

On Apr 17, 2013, at 11:58 PM, "Bhandaru, Malini K" <malini.k.bhandaru at intel.com<mailto:malini.k.bhandaru at intel.com>> wrote:

Hello All!

David Geng is addressing a case of password logging in keystone. Do we handle any passwords in other openstack
components and log them?  Might they benefit from David moving his fix into Oslo as a log filter (a nice suggestion from Guang-yee).
Please weigh in. If yes, what is expected the string pattern?

https://review.openstack.org/#/c/26487/


Regards
Malini
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130418/33f54f3d/attachment.html>


More information about the OpenStack-dev mailing list