Tokens shouldn't be logged since a token could be gathered from a
log file and used. The client was logging the X-Auth-Token and
X-Subject-Token request headers. With this change, the X-Auth-Token
and X-Subject-Token are shown as "TOKEN_REDACTED".
Also, the "Authentication" header is also redacted.
Reviewed: https://review.openstack.org/110117
Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=605577192d7158ecf40bd9a94b7cf3acc2ce1c95
Submitter: Jenkins
Branch: master
commit 605577192d7158ecf40bd9a94b7cf3acc2ce1c95
Author: Brant Knudson <email address hidden>
Date: Mon Jul 28 14:34:53 2014 -0500
Redact tokens in request headers
Tokens shouldn't be logged since a token could be gathered from a
log file and used. The client was logging the X-Auth-Token and
X-Subject-Token request headers. With this change, the X-Auth-Token
and X-Subject-Token are shown as "TOKEN_REDACTED".
Also, the "Authentication" header is also redacted.
This is for security hardening.
SecurityImpact
Closes-Bug: #1004114
Closes-Bug: #1327019
Change-Id: I1edc3821ed028471102cc9b95eb9f3b54c9e2778
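
The redaction described in the commit message, sketched as an added example (this is not code from python-keystoneclient). The function names, the logger name, the sample URL and the token values are assumptions made up for illustration; "Authorization" is included alongside the header names the message lists because it is the standard HTTP credential header.

```python
import logging

# Header names from the commit message, plus "Authorization" (an assumption
# added here). Stored lower-case because HTTP header names are
# case-insensitive.
SENSITIVE_HEADERS = frozenset(
    ("x-auth-token", "x-subject-token", "authentication", "authorization")
)
REDACTED = "TOKEN_REDACTED"


def redact_header(name, value):
    """Return a (name, value) pair that is safe to write to a log."""
    if isinstance(name, bytes):
        name = name.decode("latin-1")
    if isinstance(value, bytes):
        value = value.decode("latin-1")
    if name.strip().lower() in SENSITIVE_HEADERS:
        return name, REDACTED
    return name, value


def format_request_for_log(method, url, headers):
    """Build a curl-style debug line; the caller's headers are not modified."""
    safe = [redact_header(n, v) for n, v in headers.items()]
    parts = ["REQ: curl -i -X %s %s" % (method, url)]
    for name, value in sorted(safe, key=lambda nv: nv[0].lower()):
        parts.append('-H "%s: %s"' % (name, value))
    return " ".join(parts)


# Constructed sample request; the token values are made up.
SAMPLE_HEADERS = {
    "Accept": "application/json",
    "X-Auth-Token": "constructed-admin-token-1234",
    "x-subject-token": b"constructed-subject-token-5678",
    "Authentication": "constructed-credential",
}


def demo():
    line = format_request_for_log(
        "GET", "http://keystone.example/v3/auth/tokens", SAMPLE_HEADERS)
    logging.getLogger("example.http").debug(line)
    return line


if __name__ == "__main__":
    print(demo())
```

Redacting at the point where the log line is built, rather than in a log filter, keeps the token out of every handler and leaves the headers actually sent on the wire unchanged.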