trove exist events send out admin password in the event string
Bug #1218028 reported by
Saurabh Surana
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack DBaaS (Trove) |
Fix Released
|
Critical
|
Justin Hopper | ||
Bug Description
The way we construct admin context for generating exists event, the password for the admin user is set in the auth_token field which is sent out in the exist events.
| Changed in trove: | |
| assignee: | nobody → Justin Hopper (justin-hopper) |
| Changed in trove: | |
| status: | New → In Progress |
| Changed in trove: | |
| milestone: | none → havana-rc1 |
| information type: | Private Security → Public |
| Changed in trove: | |
| importance: | Undecided → Critical |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to trove (master) | #1 |
| Changed in trove: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to trove (milestone-proposed) | #2 |
| Changed in trove: | |
| status: | Fix Committed → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to trove (milestone-proposed) | #3 |
| Changed in trove: | |
| milestone: | havana-rc1 → 2013.2 |
To post a comment you must log in.
Reviewed: https:/
Committed: http://
Submitter: Jenkins
Branch: master
commit 52d892fe546535f
Author: justin-hopper <email address hidden>
Date: Wed Sep 11 14:09:49 2013 -0700
Fixed Admin Auth Token in Notification
before notifications are sent - admin auth token is
set to None to ensure it is not logged
Fixes: Bug 1218028
Change-Id: Ib53244f14d8e2e