[Openstack] [Openstack-security] API Security

Nathanael Burton nathanael.i.burton.work at gmail.com
Tue Apr 29 16:28:48 UTC 2014


This isn't logging on the service side, this is logging on the client
because the user ran --debug.  This isn't a big security issue other than a
documentation or user educational one.

Natr
On Apr 29, 2014 9:07 AM, "Hao Wang" <hao.1.wang at gmail.com> wrote:

> Adding security group...
>
>
> On Sat, Apr 26, 2014 at 4:25 PM, Hao Wang <hao.1.wang at gmail.com> wrote:
>
>> It is the client. I got this message with DEBUG enabled:
>> curl -i 'http://192.168.56.103:35357/v2.0/tokens' -X POST -H
>> "Content-Type: application/json" -H "Accept: application/json" -H
>> "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin",
>> "passwordCredentials": {"username": "admin", "password": "admin"}}}'
>>
>> It can be seen that username and password are right in the message.
>>
>> Hao
>>
>>
>> On Sat, Apr 26, 2014 at 4:08 PM, Aaron Knister <aaron.knister at gmail.com> wrote:
>>
>>> Was it the client or the server that exposed the credentials?
>>>
>>> Sent from my iPhone
>>>
>>> On Apr 26, 2014, at 2:28 PM, Hao Wang <hao.1.wang at gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> I am troubleshooting a neutron case. It was just found that if DEBUG was
>>> enabled, neutron would print out JSON data with username and password. I am
>>> wondering what kind of protocol is used in a production environment to
>>> prevent this security risk from happening.
>>>
>>> Thanks,
>>> Hao
>>
>
>
>
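
An added example, not part of the thread and not OpenStack client code: a Python logging.Filter that masks the password value in a client debug line shaped like the curl command quoted above. The logger name, address and credentials in it are constructed for illustration.

```python
import io
import logging
import re

# Matches "password": "<value>" in a JSON body; the value may contain
# backslash-escaped quotes. Keys such as "passwordCredentials" do not match.
_PASSWORD_RE = re.compile(r'("password"\s*:\s*")((?:[^"\\]|\\.)*)(")')


def redact(text):
    """Return text with every JSON password value replaced by ***."""
    return _PASSWORD_RE.sub(r'\1***\3', text)


class RedactSecretsFilter(logging.Filter):
    """Masks password values in a record before a handler formats it."""

    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are caught too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True  # keep the record; only its content changes


def demo():
    """Log a constructed debug line and return what the handler wrote."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecretsFilter())
    log = logging.getLogger("example.httpclient")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    try:
        # Constructed sample: documentation address, made-up credentials.
        body = ('{"auth": {"tenantName": "demo", "passwordCredentials": '
                '{"username": "demo", "password": "s3cr\\"et"}}}')
        log.debug("REQ: curl -i '%s' -X POST -d '%s'",
                  "http://192.0.2.10:35357/v2.0/tokens", body)
    finally:
        log.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

The filter has to be attached to every handler that can receive debug records, since a handler without it may still write the original text.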