[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change I1edc3821ed028471102cc9b95eb9f3b54c9e2778
gerrit2 at review.openstack.org
Mon Jul 28 19:57:20 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/110117
Log:

commit bc0962167248a7c5a50ae19a530f54b558f611bf
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Mon Jul 28 14:34:53 2014 -0500

Redact tokens in request headers

Tokens shouldn't be logged since a token could be gathered from a
log file and used. The client was logging the X-Auth-Token and
X-Subject-Token request headers. With this change, the X-Auth-Token
and X-Subject-Token are shown as "TOKEN_REDACTED".

This is for security hardening.

SecurityImpact

Closes-Bug: #1004114
Closes-Bug: #1327019
Change-Id: I1edc3821ed028471102cc9b95eb9f3b54c9e2778