Comment 19 for bug 1098307

Adam Young (ayoung) wrote : Re: unauthenticated POST to /tokens can fill up disk/logs

Right. If https://review.openstack.org/#/c/19567/ is not sufficient, then just checking Token size won't be, either, as any of the IDs probably can be exploded this way. If I understand the underlying problem, it is that we are logging the whole URL, and the Token ID is in the URL body.

Thus, the fix we need for this is limiting the size of the URL, not just the size of the token.

I would actually be OK with limiting token size even further. We currently allow a validation of an entire token, with an optimization that we will validate a Hash of the token as the ID. This is actually the PKEY of the token in the database. We can shorten token length for validation to the length of the Hash.
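The mitigation the comment argues for (bound the request URL itself before anything logs it, rather than bounding only the token ID) can be sketched as a WSGI middleware. The following is an added illustration, not Keystone code or anything from the linked review; the 414 response, the limit values, the `request_url`/`safe_for_log` helpers and the `call` test harness are all assumptions made here.

```python
"""Constructed example (not Keystone code): a WSGI middleware that bounds the
size of the request URL before anything downstream logs it.

Assumptions (not from the bug comment): the request URL is reconstructed from
PATH_INFO and QUERY_STRING; the limits and the 414 response are choices made
here for illustration.
"""
import logging

logger = logging.getLogger("request_log")

MAX_URL_LENGTH = 2048        # assumed limit; tune to deployment needs
LOG_URL_TRUNCATE = 256       # how much of an over-long URL is kept in logs


def request_url(environ):
    """Rebuild the request URL (path plus query) from the WSGI environ."""
    path = environ.get("PATH_INFO", "") or "/"
    query = environ.get("QUERY_STRING", "")
    return path + ("?" + query if query else "")


def safe_for_log(url, limit=LOG_URL_TRUNCATE):
    """Truncate a URL for logging so a client-controlled URL cannot bloat
    the log on its own; the number of dropped bytes is recorded instead."""
    if len(url) <= limit:
        return url
    return "%s...[truncated %d bytes]" % (url[:limit], len(url) - limit)


class UrlSizeLimitMiddleware(object):
    """Reject requests whose URL exceeds max_url_length before they reach
    the wrapped application (and its request logging)."""

    def __init__(self, app, max_url_length=MAX_URL_LENGTH):
        self.app = app
        self.max_url_length = max_url_length

    def __call__(self, environ, start_response):
        url = request_url(environ)
        if len(url) > self.max_url_length:
            # Log only a bounded prefix, then reject without reaching the app.
            logger.warning("rejected over-long URL (%d bytes): %s",
                           len(url), safe_for_log(url))
            body = b"414 Request-URI Too Long\n"
            start_response("414 Request-URI Too Long",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def _echo_app(environ, start_response):
    """Stand-in for the real application; always answers 200."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call(app, path, query=""):
    """Invoke a WSGI app on a constructed request; return (status, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": path, "QUERY_STRING": query}
    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    app = UrlSizeLimitMiddleware(_echo_app, max_url_length=64)
    print(call(app, "/v2.0/tokens"))                  # normal request passes
    print(call(app, "/v2.0/tokens/" + "A" * 10000))   # over-long URL is rejected
```

The point of the two limits is that they address different things: `max_url_length` stops the request early, while `safe_for_log` guarantees that even the rejection message cannot itself carry an unbounded URL into the log file.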