yahoo-eng-team team mailing list archive
Message #21037
[Bug 1348844] Re: Keystone logs auth tokens in URLs at log level info
This was published as OSSN-0023:
https://wiki.openstack.org/wiki/OSSN/OSSN-0023
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1348844
Title:
Keystone logs auth tokens in URLs at log level info
Status in OpenStack Identity (Keystone):
Won't Fix
Status in OpenStack Security Notes:
Fix Released
Bug description:
Example:
2014-07-25 22:28:25.352 1458 INFO eventlet.wsgi.server [-] 10.241.1.50,10.241.1.80 - - [25/Jul/2014 22:28:25] "GET /v2.0/tokens/d5036612660543a3a9b8054c79dea8d3 HTTP/1.1" 200 3174 0.021630
We've found that this regex can catch all of these messages:
/v2.0/tokens/[\da-f]{32}
Keystone also logs a bunch of other sensitive data in debug level
messages, but this one is still present even if you only take info
level messages and above. We'd like to solve this problem at the
source instead of grepping it out of our log files.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1348844/+subscriptions
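An added example, not part of the original message and not Keystone or OSSN code: a Python logging filter that masks the token before a handler writes the line, using the regex from the bug description. It assumes the access lines pass through the standard logging module; the names TokenRedactingFilter, redact, MASK and the demo logger name are hypothetical.

```python
import io
import logging
import re

# Regex from the bug description; the URL prefix is captured so it can be kept.
TOKEN_URL_RE = re.compile(r"(/v2\.0/tokens/)[\da-f]{32}")
MASK = "<redacted-token>"  # constructed placeholder


def redact(text):
    """Replace the 32-hex-digit token after /v2.0/tokens/ with a placeholder."""
    return TOKEN_URL_RE.sub(r"\g<1>" + MASK, text)


class TokenRedactingFilter(logging.Filter):
    """Rewrites each record before the handler formats and emits it."""

    def filter(self, record):
        # Render msg % args first so tokens passed as arguments are caught too.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True  # keep the record; only its text changes


def demo():
    """Send the report's sample access line through the filter; return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(TokenRedactingFilter())
    logger = logging.getLogger("eventlet.wsgi.server.demo")  # hypothetical name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        # Sample built from the log line quoted in the bug description.
        logger.info('%s - - [25/Jul/2014 22:28:25] "GET %s HTTP/1.1" 200 3174 0.021630',
                    "10.241.1.50,10.241.1.80",
                    "/v2.0/tokens/d5036612660543a3a9b8054c79dea8d3")
    finally:
        logger.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

The filter is attached to the handler, so it covers every logger that writes through that handler. Like the regex in the report, it matches only 32-character lowercase hex tokens in /v2.0/tokens/ URLs.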