trove exist events send out admin password in the event string
Bug #1218028 reported by
Saurabh Surana
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack DBaaS (Trove) |
Fix Released
|
Critical
|
Justin Hopper |
Bug Description
The way we construct admin context for generating exists event, the password for the admin user is set in the auth_token field which is sent out in the exist events.
Changed in trove: | |
assignee: | nobody → Justin Hopper (justin-hopper) |
Changed in trove: | |
status: | New → In Progress |
Changed in trove: | |
milestone: | none → havana-rc1 |
information type: | Private Security → Public |
Changed in trove: | |
importance: | Undecided → Critical |
Changed in trove: | |
milestone: | havana-rc1 → 2013.2 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/46138 github. com/openstack/ trove/commit/ 52d892fe546535f 88915b2a8582d48 2af7bae4e1
Committed: http://
Submitter: Jenkins
Branch: master
commit 52d892fe546535f 88915b2a8582d48 2af7bae4e1
Author: justin-hopper <email address hidden>
Date: Wed Sep 11 14:09:49 2013 -0700
Fixed Admin Auth Token in Notification
before notifications are sent - admin auth token is
set to None to ensure it is not logged
Fixes: Bug 1218028 8c77e0bb67e2156 e2eb0165866
Change-Id: Ib53244f14d8e2e