replication_slave user and passwords exposed in logging
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack DBaaS (Trove) |
In Progress
|
Undecided
|
Trevor McCasland | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Currently the passwords and usernames for trove's replciation_user in pxc and percona configuration options are exposed in the logger.
Mysql already has secret=True for their configuration options.
This patch extends that to all of the other database configuration
options using oslo.config.cfg.Opt option secret [1].
See output below for exact logs:
tr-api.
tr-api.
tr-api.
References
[1] http://
Changed in trove: | |
assignee: | nobody → Trevor McCasland (twm2016) |
tags: | added: security |
Attaching plain text version