[openstack-dev] masking X-Auth-Token in debug output - proposed consistency
Thierry Carrez
thierry at openstack.org
Thu Jun 12 08:50:37 UTC 2014
Morgan Fainberg wrote:
> I’ve been looking over the code for this and it turns out plain old SHA1
> is a bad idea. We recently had a patch land in keystone client and
> keystone to let us configure the hashing algorithm used for token
> revocation list and the short-token ids.
>
> I’ve updated my patch set to use ‘{OBSCURED}%(token)s’ instead of
> specifying a specific obscuring algorithm. This means that if we ever
> update the way we obscure the data in the future, we’re not lying about
> what was done in the log. The proposed approach can be found
> here: https://review.openstack.org/#/c/99432
Looks good!
--
Thierry Carrez (ttx)
More information about the OpenStack-dev
mailing list