[Openstack] API Security

Hao Wang hao.1.wang at gmail.com
Sat Apr 26 20:25:54 UTC 2014


It is the client. I got this message with DEBUG enabled:
curl -i 'http://192.168.56.103:35357/v2.0/tokens' -X POST -H "Content-Type:
application/json" -H "Accept: application/json" -H "User-Agent:
python-novaclient" -d '{"auth": {"tenantName": "admin",
"passwordCredentials": {"username": "admin", "password": "admin"}}}'

It can be seen that username and password are right in the message.

Hao


On Sat, Apr 26, 2014 at 4:08 PM, Aaron Knister <aaron.knister at gmail.com> wrote:

> Was it the client or the server that exposed the credentials?
>
> Sent from my iPhone
>
> On Apr 26, 2014, at 2:28 PM, Hao Wang <hao.1.wang at gmail.com> wrote:
>
> Hi,
>
> I am troubleshooting a neutron case. It was just found that if DEBUG was
> enabled, neutron would print out JSON data with username and password. I am
> wondering what kind of protocol is used in production environment to
> prevent this security risk from happening.
>
> Thanks,
> Hao
>
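
An added example, not part of the original thread and not code from any OpenStack client: one way to keep a DEBUG request dump like the one quoted above from writing the password to the log is a logging filter that masks sensitive JSON values before the handler emits them. The names RedactCredentials, redact and SENSITIVE_KEYS, the logger name and the sample request line are all assumptions constructed for illustration.

```python
import io
import logging
import re

# Keys whose JSON string values must never reach a log (assumed list; extend as needed).
SENSITIVE_KEYS = ("password",)

# Matches "key": "value" for the sensitive keys, allowing escaped quotes in the value.
_PATTERN = re.compile(
    r'("(?:%s)"\s*:\s*)"(?:[^"\\]|\\.)*"' % "|".join(map(re.escape, SENSITIVE_KEYS))
)


def redact(text):
    """Replace the value of every sensitive JSON key in text with a fixed marker."""
    return _PATTERN.sub(r'\1"***REDACTED***"', text)


class RedactCredentials(logging.Filter):
    """Logging filter that masks credentials in the final, formatted message."""

    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are covered too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def demo():
    """Log a constructed request line at DEBUG and return what was actually written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactCredentials())
    log = logging.getLogger("redaction_demo")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.handlers = [handler]
    # Constructed sample modelled on the debug line quoted in the thread.
    body = ('{"auth": {"tenantName": "admin", "passwordCredentials": '
            '{"username": "admin", "password": "s3cr\\"et"}}}')
    log.debug("curl -i '%s' -X POST -d '%s'", "http://192.0.2.10:35357/v2.0/tokens", body)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

The filter is attached to the handler rather than to one logger, so it applies to every record that handler writes, including records propagated from child loggers.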