yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1266590] Re: db connection string is cleartext in debug log

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: John Griffith <1266590@xxxxxxxxxxxxxxxxxx>
Date: Tue, 25 Mar 2014 03:47:22 -0000
Reply-to: Bug 1266590 <1266590@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Cinder has the secret=True setting in the conf options already, so the
DNE Cinder.

** No longer affects: cinder

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1266590

Title:
  db connection string is cleartext in debug log

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released
Status in OpenStack Identity (Keystone):
  Fix Released
Status in Oslo - a Library of Common OpenStack Code:
  Fix Released

Bug description:
  
  When I start up keystone-all with --debug it logs the config settings. The config setting for the database connection string is printed out:

  (keystone-all): 2014-01-06 16:32:56,983 DEBUG cfg log_opt_values
  database.connection            =
  mysql://root:rootpwd@127.0.0.1/keystone?charset=utf8

  The database connection string will typically contain the user
  password, so this value should be masked (like admin_token).

  This is a regression from Havana, which masked the db connection
  string.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1266590/+subscriptions

References

[Bug 1266590] [NEW] db connection string in cleartext in debug log
From: Brant Knudson, 2014-01-06