yahoo-eng-team team mailing list archive

Thread
Date

[Bug 861854] Re: Token in URL is a security risk

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 06 Mar 2013 15:07:36 -0000
Reply-to: Bug 861854 <861854@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => grizzly-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/861854

Title:
  Token in URL is a security risk

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  Raised by anotherjesse. The GET /tokens/id use case requires the token
  in the URL. The token by itself provides access to resources, so
  having that go to an HTTP log is a security risk, especially for
  tokens with a long life.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/861854/+subscriptions