Comment 5 for bug 1470740

George Shuklin (george-shuklin) wrote :

I may agree that local logs with DEBUG are not a big deal, but if use_syslog=True is enabled, then, yes, it can cause unexpected consequences.

For example, in our real-world installation I just wanted to see debug logs from glance for a short time, and I didn't expect to disclose them to low-clearance support personnel, and this was suddenly a BIG issue for our security department.

I was forced to write down an official explanation about accidental credential disclosure and perform an in-house audit of all swift access logs to prove there were no attempts of unauthorized access to snapshots with sensitive data.

OSSN is not enough, because it can be necessary to enable debug for a service (like glance).

Proposal: perform token masking only if logs are sent to syslog.
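One way to implement the proposal above with Python's standard `logging` module, as an added example that is not part of the original comment or of glance's code: the token is masked only on the handler that leaves the host, while the local handler keeps the full DEBUG line. The `X-Auth-Token` header format, the logger name, and the names `MaskingFormatter`, `build_logger` and `demo` are assumptions, and a `StreamHandler` stands in for `logging.handlers.SysLogHandler` so the code runs without a syslog daemon.

```python
import io
import logging
import re

# Assumed token format: an X-Auth-Token header as it appears in HTTP debug output.
TOKEN_RE = re.compile(r"(X-Auth-Token['\"]?\s*[:=]\s*['\"]?)([^\s'\",]+)", re.IGNORECASE)


class MaskingFormatter(logging.Formatter):
    """Mask tokens in the formatted line. A logging.Filter would rewrite the
    shared LogRecord and so also change what the local handler writes."""

    def format(self, record):
        return TOKEN_RE.sub(r"\1<masked>", super().format(record))


def build_logger(local_stream, remote_stream):
    """Unmasked local sink, masked remote sink (stand-in for SysLogHandler)."""
    fmt = "%(levelname)s %(name)s %(message)s"
    local = logging.StreamHandler(local_stream)
    local.setFormatter(logging.Formatter(fmt))
    remote = logging.StreamHandler(remote_stream)
    remote.setFormatter(MaskingFormatter(fmt))

    logger = logging.getLogger("demo.glance.debug")  # hypothetical logger name
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    logger.addHandler(remote)  # remote first: the local line must still be intact
    logger.addHandler(local)
    return logger


def demo():
    local_out, remote_out = io.StringIO(), io.StringIO()
    log = build_logger(local_out, remote_out)
    # Constructed sample line; the token value is made up.
    log.debug("curl -i -X GET -H 'X-Auth-Token: %s' http://swift.example/v1/AUTH_demo",
              "tok-0123456789abcdef")
    return local_out.getvalue(), remote_out.getvalue()


if __name__ == "__main__":
    for line in demo():
        print(line, end="")
```

Masking in the formatter also covers tokens passed as `%s` arguments, because the substitution runs on the fully interpolated line.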