Public bug reported:
If you set debug=true in keystone.conf the server 1) logs at debug level, and
2) sends out insecure responses. Deployers might think that debug=true only
does 1, not knowing about 2 since it's not documented in the sample config. The
behaviors should be decoupled to improve security a bit.
** Affects: keystone
Importance: Undecided
Assignee: Brant Knudson (blk-u)
Status: New
** Tags: security
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1479523
Title:
Stop using debug for insecure responses
Status in Keystone:
New
Bug description:
If you set debug=true in keystone.conf the server 1) logs at debug level, and
2) sends out insecure responses. Deployers might think that debug=true only
does 1, not knowing about 2 since it's not documented in the sample config. The
behaviors should be decoupled to improve security a bit.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1479523/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
