[openstack-dev] passwords in logs --security related

Dolph Mathews dolph.mathews at gmail.com
Thu Apr 18 15:00:06 UTC 2013


1) passwords are currently logged by keystone when you enable debug mode
(and there's a big warning in the sample.conf about passwords in plain text)
2) the fix is very specific to the identity api's json presentation of
passwords
3) if any other service is handling passwords, then we're doing something
very wrong

I don't see a reason for anything to go into oslo?


-Dolph


On Thu, Apr 18, 2013 at 1:48 AM, Bhandaru, Malini K <
malini.k.bhandaru at intel.com> wrote:

> Hello All!
>
> David Geng is addressing a case of password logging in keystone. Do we
> handle any passwords in other openstack
> components and log them? Might they benefit from David moving his fix
> into Oslo as a log filter (a nice suggestion from Guang-yee).
> Please weigh in. If yes, what is the expected string pattern?
>
> https://review.openstack.org/#/c/26487/
>
> Regards
> Malini
>
>
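
An illustration of the kind of log filter discussed in this thread, as an added example that is not the change under review and not keystone or oslo code: a Python `logging.Filter` that masks quoted `password` values in a JSON body (or the `repr()` of the parsed dict) before handlers write them. The key name, mask string, class and function names, and the sample request bodies are assumptions constructed for the example.

```python
import logging
import re

# Assumption: the secret is a quoted string value under a key named "password",
# as in an identity API JSON body or the repr() of the parsed dict.
_PASSWORD_VALUE = re.compile(
    r"""(["']password["']\s*:\s*)(["'])(?:\\.|(?!\2).)*\2""",
    re.IGNORECASE | re.DOTALL,
)
MASK = "***"


def mask_passwords(text):
    """Return text with every quoted "password" value replaced by MASK."""
    return _PASSWORD_VALUE.sub(
        lambda m: m.group(1) + m.group(2) + MASK + m.group(2), text)


class PasswordMaskingFilter(logging.Filter):
    """Hypothetical filter: redacts the formatted message before it is emitted."""

    def filter(self, record):
        # Format first: the secret is often in record.args, not record.msg.
        record.msg = mask_passwords(record.getMessage())
        record.args = ()
        return True


class _ListHandler(logging.Handler):
    """Collects formatted lines in memory so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    """Log constructed auth request data at DEBUG; return what was written."""
    handler = _ListHandler()
    handler.addFilter(PasswordMaskingFilter())
    log = logging.getLogger("maskdemo")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.handlers = [handler]
    body = '{"auth": {"passwordCredentials": {"username": "demo", "password": "s3cr\\"et"}}}'
    log.debug("REQUEST BODY: %s", body)
    log.debug("parsed: %r", {"password": "hunter2", "tenantName": "demo"})
    return handler.lines
```

The pattern only covers quoted string values under that exact key name; a secret logged under any other key or in another serialization passes through unmasked.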