cinderclient logs sensitive info in http requests
Bug #1516689 reported by
Anna Sortland
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Invalid
|
High
|
Jose Porrua | ||
python-cinderclient |
Fix Released
|
High
|
Jose Porrua |
Bug Description
cinderclient logs sensitive info in headers when logging http requests in debug mode.
This happens in a couple of places:
cinderclient/
cinderclient/
cinderclient should hash sensitive info in headers such as 'X-Auth-Token' and 'X-Subject-Token'.
For examples, see keystoneclient (https:/
Changed in cinder: | |
assignee: | nobody → Jose Porrua (jose-porrua) |
Changed in cinder: | |
status: | New → In Progress |
Changed in python-cinderclient: | |
status: | New → In Progress |
Changed in python-cinderclient: | |
assignee: | nobody → Jose Porrua (jose-porrua) |
Changed in cinder: | |
importance: | Undecided → High |
Changed in python-cinderclient: | |
importance: | Undecided → High |
Changed in cinder: | |
status: | In Progress → Invalid |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/275755
Review: https:/