2012-05-24 19:02:15 |
Gabriel Hurley |
bug |
|
|
added bug |
2012-05-24 19:02:31 |
Gabriel Hurley |
bug task added |
|
keystone |
|
2012-05-24 19:03:47 |
Gabriel Hurley |
description |
When the log level is set to DEBUG, keystoneclient's full-request logging mechanism kicks in, exposing plaintext passwords, etc.
This bug is mostly out of the scope of Horizon; however, Horizon can also be more secure in this regard. We should make sure that wherever we *are* handling sensitive data we use Django's error report filtering mechanisms so they don't appear in tracebacks, etc.
Keystone may also want to look at respecting such annotations in their logging mechanism, i.e. if Django were properly annotating these data objects, keystoneclient could check for those annotations and properly sanitize the log output.
If not this exact mechanism, then something similar would be wise.
For the time being, it's also worth documenting in both projects that a log level of DEBUG will log passwords in plain text. |
When the log level is set to DEBUG, keystoneclient's full-request logging mechanism kicks in, exposing plaintext passwords, etc.
This bug is mostly out of the scope of Horizon; however, Horizon can also be more secure in this regard. We should make sure that wherever we *are* handling sensitive data we use Django's error report filtering mechanisms so they don't appear in tracebacks, etc. (https://docs.djangoproject.com/en/dev/howto/error-reporting/#filtering-error-reports)
Keystone may also want to look at respecting such annotations in their logging mechanism, i.e. if Django were properly annotating these data objects, keystoneclient could check for those annotations and properly sanitize the log output.
If not this exact mechanism, then something similar would be wise.
For the time being, it's also worth documenting in both projects that a log level of DEBUG will log passwords in plain text. |
|
2012-05-24 19:15:03 |
Joseph Heck |
keystone: status |
New |
Confirmed |
|
2012-05-24 19:15:06 |
Joseph Heck |
keystone: importance |
Undecided |
High |
|
2012-05-24 22:28:45 |
OpenStack Infra |
horizon: status |
Confirmed |
In Progress |
|
2012-05-26 22:24:23 |
OpenStack Infra |
horizon: status |
In Progress |
Fix Committed |
|
2012-07-04 08:33:21 |
Thierry Carrez |
horizon: status |
Fix Committed |
Fix Released |
|
2012-07-17 21:24:37 |
OpenStack Infra |
keystone: status |
Confirmed |
In Progress |
|
2012-07-17 21:24:37 |
OpenStack Infra |
keystone: assignee |
|
Dolph Mathews (dolph) |
|
2012-07-19 17:31:37 |
OpenStack Infra |
keystone: status |
In Progress |
Fix Committed |
|
2012-08-16 07:29:04 |
Thierry Carrez |
keystone: status |
Fix Committed |
Fix Released |
|
2012-08-16 07:29:04 |
Thierry Carrez |
keystone: milestone |
|
folsom-3 |
|
2012-09-27 14:56:31 |
Thierry Carrez |
horizon: milestone |
folsom-2 |
2012.2 |
|
2012-09-27 15:04:24 |
Thierry Carrez |
keystone: milestone |
folsom-3 |
2012.2 |
|
2013-05-29 19:37:01 |
Dolph Mathews |
bug task added |
|
python-keystoneclient |
|
2013-05-29 19:37:10 |
Dolph Mathews |
python-keystoneclient: status |
New |
Triaged |
|
2013-05-29 19:37:15 |
Dolph Mathews |
python-keystoneclient: importance |
Undecided |
Medium |
|
2013-05-30 09:16:49 |
Thierry Carrez |
tags |
|
security |
|
2013-05-30 09:16:54 |
Thierry Carrez |
bug |
|
|
added subscriber Thierry Carrez |
2013-06-09 19:18:45 |
Numero 8 |
python-keystoneclient: assignee |
|
Numero 8 (numero-8) |
|
2013-06-18 21:56:02 |
OpenStack Infra |
python-keystoneclient: status |
Triaged |
In Progress |
|
2013-06-26 14:25:48 |
Dirk Mueller |
bug |
|
|
added subscriber Dirk Mueller |
2013-08-08 17:05:27 |
OpenStack Infra |
python-keystoneclient: assignee |
Numero 8 (numero-8) |
Adam Young (ayoung) |
|
2013-08-10 07:48:21 |
OpenStack Infra |
python-keystoneclient: assignee |
Adam Young (ayoung) |
Numero 8 (numero-8) |
|
2013-10-10 20:04:02 |
Numero 8 |
python-keystoneclient: assignee |
Numero 8 (numero-8) |
|
|
2013-12-05 19:33:34 |
Sergio Cazzolato |
python-keystoneclient: assignee |
|
Sergio Cazzolato (sergio-j-cazzolato) |
|
2013-12-05 20:26:10 |
Sergio Cazzolato |
python-keystoneclient: assignee |
Sergio Cazzolato (sergio-j-cazzolato) |
|
|
2014-02-04 03:04:59 |
Wei Wang |
python-keystoneclient: assignee |
|
Wei Wang (damon-devops) |
|
2014-02-11 10:10:38 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto MURATA |
2014-03-17 10:54:30 |
Xiang Hui |
bug |
|
|
added subscriber Xiang Hui |
2014-07-15 18:09:14 |
OpenStack Infra |
python-keystoneclient: assignee |
Wei Wang (damon-devops) |
David Stanek (dstanek) |
|
2014-07-16 01:13:01 |
OpenStack Infra |
python-keystoneclient: assignee |
David Stanek (dstanek) |
Brant Knudson (blk-u) |
|
2014-07-23 00:29:23 |
OpenStack Infra |
python-keystoneclient: assignee |
Brant Knudson (blk-u) |
Jamie Lennox (jamielennox) |
|
2014-07-23 23:58:30 |
OpenStack Infra |
python-keystoneclient: assignee |
Jamie Lennox (jamielennox) |
Nathan Kinder (nkinder) |
|
2014-07-24 21:30:56 |
OpenStack Infra |
python-keystoneclient: status |
In Progress |
Fix Committed |
|
2014-07-24 21:53:57 |
Nathan Kinder |
bug task added |
|
ossn |
|
2014-07-24 21:56:12 |
Nathan Kinder |
ossn: importance |
Undecided |
Medium |
|
2014-07-25 02:44:45 |
Dolph Mathews |
python-keystoneclient: milestone |
|
0.10.1 |
|
2014-07-25 02:46:26 |
Dolph Mathews |
python-keystoneclient: status |
Fix Committed |
Fix Released |
|
2014-07-28 19:10:17 |
Brant Knudson |
python-keystoneclient: status |
Fix Released |
Confirmed |
|
2014-07-28 19:57:13 |
OpenStack Infra |
python-keystoneclient: status |
Confirmed |
In Progress |
|
2014-07-28 19:57:13 |
OpenStack Infra |
python-keystoneclient: assignee |
Nathan Kinder (nkinder) |
Brant Knudson (blk-u) |
|
2014-07-31 12:19:10 |
Abu Shohel Ahmed |
ossn: assignee |
|
Abu Shohel Ahmed (shohel-csdu) |
|
2014-08-04 06:53:16 |
OpenStack Infra |
python-keystoneclient: status |
In Progress |
Fix Committed |
|
2014-08-11 10:25:46 |
Abu Shohel Ahmed |
ossn: status |
New |
In Progress |
|
2014-08-21 17:08:18 |
Dolph Mathews |
python-keystoneclient: milestone |
0.10.1 |
0.11.0 |
|
2014-09-21 18:54:20 |
Dolph Mathews |
python-keystoneclient: status |
Fix Committed |
Fix Released |
|
2014-09-26 02:26:29 |
Nathan Kinder |
ossn: status |
In Progress |
Fix Released |
|