Password for Database User in Plaintext in Trove API Log
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack DBaaS (Trove) |
Fix Released
|
Low
|
Khyati Sheth |
Bug Description
Bug #1224700 addressed the logging of passwords in plaintext on the Guest, but not the API.
Example:
{"instance": {"volume": {"size": 5}, "users": [{"password": "thepassword", "name": "theuser"}], "flavorRef": "9", "name": "thedb", "databases": [{"name": "adb"}]}} authorize /opt/stack/
2013-11-25 23:38:21.536 762 DEBUG routes.middleware [-] No route matched for POST /1655cf7ab12043
2013-11-25 23:38:21.538 762 DEBUG routes.middleware [-] Matched POST /1655cf7ab12043
oslo-incubator already handles this situation (https:/
See https:/
Changed in trove: | |
assignee: | nobody → Khyati Sheth (khysheth) |
Changed in trove: | |
status: | New → Incomplete |
status: | Incomplete → Confirmed |
Changed in trove: | |
status: | Confirmed → In Progress |
Changed in trove: | |
importance: | Undecided → Low |
Changed in trove: | |
milestone: | none → icehouse-3 |
status: | Fix Committed → Fix Released |
Changed in trove: | |
milestone: | icehouse-3 → 2014.1 |
Fix proposed to branch: master /review. openstack. org/58858
Review: https:/