puppet-horizon

default setup for horizon lets passwords be logged

Bug #1333419 reported by Matt Fischer on 2014-06-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	puppet-horizon	Fix Released	Undecided	Matt Fischer	puppet-horizon 5.0.0 "5.0.0"

Bug Description

The default config for horizon (log_level=DEBUG) allows passwords to be logged in the horizon.log file. Setting this to INFO or higher + a warning on it would be appropriate.

Tags:

Matt Fischer (mfisch) on 2014-06-23

Changed in puppet-horizon:
assignee:	nobody → Matt Fischer (mfisch)

Matt Fischer (mfisch) on 2014-06-23

Changed in puppet-horizon:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-06-23: Fix proposed to puppet-horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/102025

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-11: Fix merged to puppet-horizon (master)

Reviewed: https://review.openstack.org/102025
Committed: https://git.openstack.org/cgit/stackforge/puppet-horizon/commit/?id=d6d982739b548daddf9b6d2668ffa58e818b412c
Submitter: Jenkins
Branch: master

commit d6d982739b548daddf9b6d2668ffa58e818b412c
Author: Matt Fischer <email address hidden>
Date: Mon Jun 23 15:49:17 2014 -0600

Switch default log handler level to INFO

This matches the default for Horizon of Debug=False. It also includes a
warning of how setting log_level to DEBUG can lead to logging passwords.

Change-Id: I2a026808f86e8f97d09546389e482d820ebbe17b
Closes-Bug: #1333419

Changed in puppet-horizon:
status:	In Progress → Fix Committed

Mathieu Gagné (mgagne) on 2015-03-27

Changed in puppet-horizon:
milestone:	none → 5.0.0
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.