Comment 37 for bug 1492140
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: consoleauth token displayed in log file | #37 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Thanks again for the clarification. So to restate, the novnc maintainers recommend using websockify in a way which exposes authentication tokens in logs, and don't provide any means of mitigating the resulting credential leak. This puts consumers of their software in an unfortunate position, and suggests that we should not continue to encourage use of Nova's novnc integration except in cases where operators are comfortable assuming that risk and taking measures to secure the logs of their per-cell nova-novncproxy daemons.