[openstack-dev] [ironic][security] what is OK to put in DEBUG logs?

Lucas Alvares Gomes lucasagomes at gmail.com
Thu Nov 19 12:00:56 UTC 2015


Hi,

> Also keep in mind that DEBUG logging, while it should still have some masking
> of data, since it is explicitly called out (or should be) as not safe for
> production, can contain some "sensitive" data. Credentials should still be
> scrubbed, but I would say the swift temp URL is something that may line up
> with this more flexible level of filtering logs.
>
> Now, if the service (and I don't think ironic suffers from this issue) is
> only really runnable with debug on (because there is no useful information
> otherwise) then I would aim to fix that before putting even potentially
> sensitive data in DEBUG.
>
> The simple choice is if there is even a question, don't log it (or log it in
> a way that obscures the data but still shows unique use).
>

I agree with Morgan's statement here.

And just throwing an idea into the wind here, we could make use of the
Python logging filters to create a filter for sensitive information.
We probably need one already to avoid having to do things like [1] in
the code.

[1] https://github.com/openstack/ironic/blob/812ed66ccabfcb1c1862951ea95a68b9d93b1672/ironic/drivers/modules/iscsi_deploy.py#L275-L284

Cheers,
Lucas
