[Openstack-security] [Bug 1479523] Re: Stop using debug for insecure responses
Dolph Mathews
1479523 at bugs.launchpad.net
Wed Jul 29 21:44:03 UTC 2015
Setting this to Wishlist because it should be included in release notes.
** Changed in: keystone
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1479523
Title:
Stop using debug for insecure responses
Status in Keystone:
In Progress
Bug description:
If you set debug=true in keystone.conf the server 1) logs at debug level, and 2) sends out insecure responses. Deployers might think that debug=true only does 1, not knowing about 2 since it's not documented in the sample config. The behaviors should be decoupled to improve security a bit.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1479523/+subscriptions
More information about the Openstack-security
mailing list