I created a first pass document describing some potential solutions to OpenStack sensitive data logging leaks (such as credentials or auth tokens): https://wiki.openstack.org/wiki/Security/Guidelines/logging_guidelines I would appreciate reviews and discussions in order to gain approval of the OSSG and the security-minded community before making recommendations to other projects (especially in the "Possible Implementation Options" section). Thanks! ---paulmo -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140606/f77e007b/attachment.html>