[Openstack-security] [openstack/keystone] SecurityImpact review request change I774170ff1649bd3b55c6849ed07824bcddecea75
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Jun 12 17:01:29 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/99715
Log:
commit 857803885a851735a70835127dfb0a7001ff9c00
Author: Morgan Fainberg <morgan.fainberg at gmail.com>
Date: Thu Jun 12 09:54:00 2014 -0700
SHA1 is not valid for CMS hashing
SHA1 is not a valid target for CMS hashing since it is being used
to obscure the tokens in the debug output of the keystoneclient
session object. This is to prevent a case where the debug output
could contain a valid token.
Sample config has also been updated.
SecurityImpact
Change-Id: I774170ff1649bd3b55c6849ed07824bcddecea75
More information about the Openstack-security
mailing list