yahoo-eng-team team mailing list archive

[Bug 1322187] [NEW] Sensitive error messages are alarming

 

Public bug reported:

Keystone raises fairly transparent error messages to the API in debug
mode to allow deployers to debug deployment issues, etc, without facing
unnecessary hurdles (for example, we expose details of password failures
and detailed SQL exceptions). Disabling debug mode replaces those error
messages with completely opaque Unauthorized / Forbidden / Unexpected
error messages.

Unfortunately the transparent messages are alarming to those who don't
realize they can be easily suppressed. To correct this, these error
messages should self-document their conditional behavior.

** Affects: keystone
     Importance: Low
     Assignee: Dolph Mathews (dolph)
         Status: Triaged


** Tags: user-experience

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1322187

Title:
  Sensitive error messages are alarming

Status in OpenStack Identity (Keystone):
  Triaged

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1322187/+subscriptions
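
A sketch of the behavior the report asks for, as an added example that is not Keystone's code and not part of the original bug report: detailed errors reach the API client only in debug mode and carry a note saying so, while non-debug mode returns the opaque message. All class and function names, the logger name, and the message wording are assumptions made for illustration.

```python
import logging

log = logging.getLogger("identity.errors")  # hypothetical logger name

# Constructed wording for the self-documenting note.
DEBUG_NOTE = "(Disable debug mode to suppress these details.)"


class ApiError(Exception):
    """Base error: a fixed opaque message plus optional sensitive detail."""
    code = 500
    title = "Internal Server Error"
    # Constructed opaque message, safe to show to any caller.
    opaque = "An unexpected error prevented the server from fulfilling your request."

    def __init__(self, detail=None):
        super().__init__(detail or self.opaque)
        self.detail = detail


class Unauthorized(ApiError):
    code, title = 401, "Unauthorized"
    opaque = "The request you have made requires authentication."


class Forbidden(ApiError):
    code, title = 403, "Forbidden"
    opaque = "You are not authorized to perform the requested action."


def render_error(exc, debug):
    """Build the API error body; detail reaches the client only in debug mode."""
    if not isinstance(exc, ApiError):
        # Foreign exceptions (e.g. from a SQL driver) become a generic 500.
        exc = ApiError(detail=f"{type(exc).__name__}: {exc}")
    # Operators always get the detail in the server log, in either mode.
    log.warning("%s %s: %s", exc.code, exc.title, exc.detail or exc.opaque)
    if debug and exc.detail:
        # Transparent message that documents its own conditional behavior.
        message = f"{exc.detail} {DEBUG_NOTE}"
    else:
        message = exc.opaque
    return {"error": {"code": exc.code, "title": exc.title, "message": message}}
```

Writing the detail to the server log in both modes keeps the diagnostic available to deployers once debug mode is off.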

