OpenStack Dashboard (Horizon)

  1. Bug #1004114
  2. Comment #21

Comment 21 for bug 1004114

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-keystoneclient (master)

Reviewed: https://review.openstack.org/101792
Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=0e9ecaa1547306f7af6527126fb88f8151908498
Submitter: Jenkins
Branch: master

commit 0e9ecaa1547306f7af6527126fb88f8151908498
Author: Jamie Lennox <email address hidden>
Date: Wed Jun 18 10:22:10 2014 +1000

    Don't log sensitive auth data

    Add the ability to turn off logging from the session object and then
    handle logging of auth requests within their own sections. This is a
    very simplistic ability to completely disable logging. Logging more
    filtered debugging can be added later.

    This new ability is utilized in this patch to prevent logging of
    requests that include passwords. This covers authenticate, password
    change, and user update requests that include passwords.

    SecurityImpact
    Change-Id: I3dabb94ab047e86b8730e73416c1a1c333688489
    Closes-Bug: #1004114
    Closes-Bug: #1327019