[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change I3dabb94ab047e86b8730e73416c1a1c333688489
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Jul 24 14:50:14 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/101792
Log:
commit 0e9ecaa1547306f7af6527126fb88f8151908498
Author: Jamie Lennox <jamielennox at redhat.com>
Date: Wed Jun 18 10:22:10 2014 +1000
Don't log sensitive auth data
Add the ability to turn off logging from the session object and then
handle logging of auth requests within their own sections. This is a
very simplistic ability to completely disable logging. Logging more
filtered debugging can be added later.
This new ability is utilized in this patch to prevent logging of
requests that include passwords. This covers authenticate, password
change, and user update requests that include passwords.
SecurityImpact
Change-Id: I3dabb94ab047e86b8730e73416c1a1c333688489
Closes-Bug: #1004114
Closes-Bug: #1327019
More information about the Openstack-security
mailing list