Comment 28 for bug 1004114

OpenStack Infra (hudson-openstack) wrote : Fix merged to python-keystoneclient (master)

Reviewed: https://review.openstack.org/110117
Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=605577192d7158ecf40bd9a94b7cf3acc2ce1c95
Submitter: Jenkins
Branch: master

commit 605577192d7158ecf40bd9a94b7cf3acc2ce1c95
Author: Brant Knudson <email address hidden>
Date: Mon Jul 28 14:34:53 2014 -0500

    Redact tokens in request headers

    Tokens shouldn't be logged since a token could be gathered from a
    log file and used. The client was logging the X-Auth-Token and
    X-Subject-Token request headers. With this change, the X-Auth-Token
    and X-Subject-Token are shown as "TOKEN_REDACTED".

    Also, the "Authentication" header is also redacted.

    This is for security hardening.

    SecurityImpact

    Closes-Bug: #1004114
    Closes-Bug: #1327019

    Change-Id: I1edc3821ed028471102cc9b95eb9f3b54c9e2778
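
The redaction the commit message describes can be sketched as follows. This is an added example, not code from python-keystoneclient or from the commit. The function names, the log line layout, the URL and the header values are all constructed for illustration; only the three header names and the "TOKEN_REDACTED" placeholder come from the commit message.

```python
import logging

# Header names from the commit message; compared case-insensitively because
# HTTP header names are case-insensitive.
SENSITIVE_HEADERS = frozenset(
    name.lower() for name in ("X-Auth-Token", "X-Subject-Token", "Authentication")
)
REDACTED = "TOKEN_REDACTED"

def redact_headers(headers):
    """Return a copy of headers that is safe to log; the input is not modified."""
    return {
        name: REDACTED if name.lower() in SENSITIVE_HEADERS else value
        for name, value in headers.items()
    }

def format_request(method, url, headers):
    """Build the debug line from the redacted copy only (hypothetical layout)."""
    safe = redact_headers(headers)
    header_text = " ".join('-H "%s: %s"' % (n, safe[n]) for n in sorted(safe))
    return "REQ: %s %s %s" % (method, url, header_text)

class ListHandler(logging.Handler):
    """Collects formatted messages so the log output can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())

def demo():
    """Log one constructed request and return the captured log lines."""
    handler = ListHandler()
    log = logging.getLogger("redaction_demo")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    headers = {  # constructed sample values, not real tokens
        "Accept": "application/json",
        "x-auth-token": "constructed-auth-token",
        "X-Subject-Token": "constructed-subject-token",
        "Authentication": "constructed-credential",
    }
    log.debug(format_request("GET", "http://keystone.example/v3/auth/tokens", headers))
    log.removeHandler(handler)
    return handler.lines

if __name__ == "__main__":
    print("\n".join(demo()))
```

Redacting a copy at the point where the log line is built keeps the real header values intact for the request itself, so only the logged text changes.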