← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1333440] [NEW] Secure Site Recommendations does not discuss LOGGING settings

 

Public bug reported:

The Secure Site Recommendations
(http://docs.openstack.org/developer/horizon/topics/deployment.html
#secure-site-recommendations) does not mention anything about the
LOGGING section. One specific issue that should be covered is that if
you ship the example config file, it will log the keystone requests as
DEBUG and that will log plaintext passwords. This is very dangerous.

** Affects: horizon
     Importance: Undecided
         Status: New


** Tags: low-hanging-fruit

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1333440

Title:
  Secure Site Recommendations does not discuss LOGGING settings

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  The Secure Site Recommendations
  (http://docs.openstack.org/developer/horizon/topics/deployment.html
  #secure-site-recommendations) does not mention anything about the
  LOGGING section. One specific issue that should be covered is that if
  you ship the example config file, it will log the keystone requests as
  DEBUG and that will log plaintext passwords. This is very dangerous.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1333440/+subscriptions


Follow ups

References