[openstack-dev] masking X-Auth-Token in debug output - proposed consistency
Sean Dague
sean at dague.net
Fri Jun 13 10:59:44 UTC 2014
The password dumping is actually in oslo apiclient. So that too should
be scrubbed, but it has to happen in oslo first.
So mostly just because I found it here.
-Sean
On 06/12/2014 10:47 PM, Xuhan Peng wrote:
> Sorry to interrupt this discussion.
>
> Sean,
>
> Since I'm working the neutron client code change, by looking at your
> code change to nova client, looks like only X-Auth-Token is taken care
> of in http_log_req. There is also password in header and token id in
> response. Any particular reason that they are not being taken care of?
>
> Thanks,
> Xu Han
> —
> Sent from Mailbox <https://www.dropbox.com/mailbox> for iPhone
>
>
> On Fri, Jun 13, 2014 at 8:47 AM, Gordon Chung <chungg at ca.ibm.com
> <mailto:chungg at ca.ibm.com>> wrote:
>
> >I'm hoping we can just ACK this approach, and get folks to start moving
> > patches through the clients to clean this all up.
>
> just an fyi, in pyCADF, we obfuscate tokens similar to how credit
> cards are handled: by capturing a percentage of leading and trailing
> characters and substituting the middle ie. "4724 xxxxxxxx 8478".
> whatever we decide here, i'm all for having a consistent way of
> masking and minimising tokens in OpenStack.
>
> cheers,
> gordon chung
> openstack, ibm software standards
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Sean Dague
http://dague.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140613/cb1659f8/attachment.pgp>
More information about the OpenStack-dev
mailing list