default setup for horizon lets passwords be logged

Bug #1333419 reported by Matt Fischer
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-horizon
Fix Released
Undecided
Matt Fischer

Bug Description

The default config for horizon (log_level=DEBUG) allows passwords to be logged in the horizon.log file. Setting this to INFO or higher + a warning on it would be appropriate.

Matt Fischer (mfisch)
Changed in puppet-horizon:
assignee: nobody → Matt Fischer (mfisch)
Matt Fischer (mfisch)
Changed in puppet-horizon:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/102025

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-horizon (master)

Reviewed: https://review.openstack.org/102025
Committed: https://git.openstack.org/cgit/stackforge/puppet-horizon/commit/?id=d6d982739b548daddf9b6d2668ffa58e818b412c
Submitter: Jenkins
Branch: master

commit d6d982739b548daddf9b6d2668ffa58e818b412c
Author: Matt Fischer <email address hidden>
Date: Mon Jun 23 15:49:17 2014 -0600

    Switch default log handler level to INFO

    This matches the default for Horizon of Debug=False. It also includes a
    warning of how setting log_level to DEBUG can lead to logging passwords.

    Change-Id: I2a026808f86e8f97d09546389e482d820ebbe17b
    Closes-Bug: #1333419

Changed in puppet-horizon:
status: In Progress → Fix Committed
Mathieu Gagné (mgagne)
Changed in puppet-horizon:
milestone: none → 5.0.0
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.