Activity log for bug #1004114

Date Who What changed Old value New value Message
2012-05-24 19:02:15 Gabriel Hurley bug added bug
2012-05-24 19:02:31 Gabriel Hurley bug task added keystone
2012-05-24 19:03:47 Gabriel Hurley description
Old value: When the log level is set to DEBUG, keystoneclient's full-request logging mechanism kicks in, exposing plaintext passwords, etc. This bug is mostly out of the scope of Horizon, however Horizon can also be more secure in this regard. We should make sure that wherever we *are* handling sensitive data we use Django's error report filtering mechanisms so they don't appear in tracebacks, etc. Keystone may also want to look at respecting such annotations in their logging mechanism, i.e. if Django were properly annotating these data objects, keystoneclient could check for those annotations and properly sanitize the log output. If not this exact mechanism, then something similar would be wise. For the time being, it's also worth documenting in both projects that a log level of DEBUG will log passwords in plain text.
New value: When the log level is set to DEBUG, keystoneclient's full-request logging mechanism kicks in, exposing plaintext passwords, etc. This bug is mostly out of the scope of Horizon, however Horizon can also be more secure in this regard. We should make sure that wherever we *are* handling sensitive data we use Django's error report filtering mechanisms so they don't appear in tracebacks, etc. (https://docs.djangoproject.com/en/dev/howto/error-reporting/#filtering-error-reports) Keystone may also want to look at respecting such annotations in their logging mechanism, i.e. if Django were properly annotating these data objects, keystoneclient could check for those annotations and properly sanitize the log output. If not this exact mechanism, then something similar would be wise. For the time being, it's also worth documenting in both projects that a log level of DEBUG will log passwords in plain text.
2012-05-24 19:15:03 Joseph Heck keystone: status New Confirmed
2012-05-24 19:15:06 Joseph Heck keystone: importance Undecided High
2012-05-24 22:28:45 OpenStack Infra horizon: status Confirmed In Progress
2012-05-26 22:24:23 OpenStack Infra horizon: status In Progress Fix Committed
2012-07-04 08:33:21 Thierry Carrez horizon: status Fix Committed Fix Released
2012-07-17 21:24:37 OpenStack Infra keystone: status Confirmed In Progress
2012-07-17 21:24:37 OpenStack Infra keystone: assignee Dolph Mathews (dolph)
2012-07-19 17:31:37 OpenStack Infra keystone: status In Progress Fix Committed
2012-08-16 07:29:04 Thierry Carrez keystone: status Fix Committed Fix Released
2012-08-16 07:29:04 Thierry Carrez keystone: milestone folsom-3
2012-09-27 14:56:31 Thierry Carrez horizon: milestone folsom-2 2012.2
2012-09-27 15:04:24 Thierry Carrez keystone: milestone folsom-3 2012.2
2013-05-29 19:37:01 Dolph Mathews bug task added python-keystoneclient
2013-05-29 19:37:10 Dolph Mathews python-keystoneclient: status New Triaged
2013-05-29 19:37:15 Dolph Mathews python-keystoneclient: importance Undecided Medium
2013-05-30 09:16:49 Thierry Carrez tags security
2013-05-30 09:16:54 Thierry Carrez bug added subscriber Thierry Carrez
2013-06-09 19:18:45 Numero 8 python-keystoneclient: assignee Numero 8 (numero-8)
2013-06-18 21:56:02 OpenStack Infra python-keystoneclient: status Triaged In Progress
2013-06-26 14:25:48 Dirk Mueller bug added subscriber Dirk Mueller
2013-08-08 17:05:27 OpenStack Infra python-keystoneclient: assignee Numero 8 (numero-8) Adam Young (ayoung)
2013-08-10 07:48:21 OpenStack Infra python-keystoneclient: assignee Adam Young (ayoung) Numero 8 (numero-8)
2013-10-10 20:04:02 Numero 8 python-keystoneclient: assignee Numero 8 (numero-8)
2013-12-05 19:33:34 Sergio Cazzolato python-keystoneclient: assignee Sergio Cazzolato (sergio-j-cazzolato)
2013-12-05 20:26:10 Sergio Cazzolato python-keystoneclient: assignee Sergio Cazzolato (sergio-j-cazzolato)
2014-02-04 03:04:59 Wei Wang python-keystoneclient: assignee Wei Wang (damon-devops)
2014-02-11 10:10:38 Nobuto Murata bug added subscriber Nobuto MURATA
2014-03-17 10:54:30 Xiang Hui bug added subscriber Xiang Hui
2014-07-15 18:09:14 OpenStack Infra python-keystoneclient: assignee Wei Wang (damon-devops) David Stanek (dstanek)
2014-07-16 01:13:01 OpenStack Infra python-keystoneclient: assignee David Stanek (dstanek) Brant Knudson (blk-u)
2014-07-23 00:29:23 OpenStack Infra python-keystoneclient: assignee Brant Knudson (blk-u) Jamie Lennox (jamielennox)
2014-07-23 23:58:30 OpenStack Infra python-keystoneclient: assignee Jamie Lennox (jamielennox) Nathan Kinder (nkinder)
2014-07-24 21:30:56 OpenStack Infra python-keystoneclient: status In Progress Fix Committed
2014-07-24 21:53:57 Nathan Kinder bug task added ossn
2014-07-24 21:56:12 Nathan Kinder ossn: importance Undecided Medium
2014-07-25 02:44:45 Dolph Mathews python-keystoneclient: milestone 0.10.1
2014-07-25 02:46:26 Dolph Mathews python-keystoneclient: status Fix Committed Fix Released
2014-07-28 19:10:17 Brant Knudson python-keystoneclient: status Fix Released Confirmed
2014-07-28 19:57:13 OpenStack Infra python-keystoneclient: status Confirmed In Progress
2014-07-28 19:57:13 OpenStack Infra python-keystoneclient: assignee Nathan Kinder (nkinder) Brant Knudson (blk-u)
2014-07-31 12:19:10 Abu Shohel Ahmed ossn: assignee Abu Shohel Ahmed (shohel-csdu)
2014-08-04 06:53:16 OpenStack Infra python-keystoneclient: status In Progress Fix Committed
2014-08-11 10:25:46 Abu Shohel Ahmed ossn: status New In Progress
2014-08-21 17:08:18 Dolph Mathews python-keystoneclient: milestone 0.10.1 0.11.0
2014-09-21 18:54:20 Dolph Mathews python-keystoneclient: status Fix Committed Fix Released
2014-09-26 02:26:29 Nathan Kinder ossn: status In Progress Fix Released