yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1333440] [NEW] Secure Site Recommendations does not discuss LOGGING settings

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Matt Fischer <matt@xxxxxxxxxxxxxxx>
Date: Mon, 23 Jun 2014 21:55:37 -0000
Reply-to: Bug 1333440 <1333440@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The Secure Site Recommendations
(http://docs.openstack.org/developer/horizon/topics/deployment.html
#secure-site-recommendations) does not mention anything about the
LOGGING section. One specific issue that should be covered is that if
you ship the example config file, it will log the keystone requests as
DEBUG and that will log plaintext passwords. This is very dangerous.

** Affects: horizon
     Importance: Undecided
         Status: New


** Tags: low-hanging-fruit

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1333440

Title:
  Secure Site Recommendations does not discuss LOGGING settings

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  The Secure Site Recommendations
  (http://docs.openstack.org/developer/horizon/topics/deployment.html
  #secure-site-recommendations) does not mention anything about the
  LOGGING section. One specific issue that should be covered is that if
  you ship the example config file, it will log the keystone requests as
  DEBUG and that will log plaintext passwords. This is very dangerous.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1333440/+subscriptions

Follow ups

[Bug 1333440] Re: Secure Site Recommendations does not discuss LOGGING settings
From: Akihiro Motoki, 2021-02-28
[Bug 1333440] [NEW] Secure Site Recommendations does not discuss LOGGING settings
From: Matt Fischer, 2014-06-23

References

[Bug 1333440] [NEW] Secure Site Recommendations does not discuss LOGGING settings
From: Matt Fischer, 2014-06-23