As of 2021, keystoneauth1 is used to communicate back-end services.
keystoneauth1 handles the underlying http connections and is in charge
of DEBUG logging. It no longer records credentials like user password.
token ID is still logged but token is ephemeral so I think this issue
has been addressed.
** Changed in: horizon
Assignee: Annapoornima Koppad (annakoppad) => (unassigned)
** Changed in: horizon
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1333440
Title:
Secure Site Recommendations does not discuss LOGGING settings
Status in OpenStack Dashboard (Horizon):
Fix Released
Bug description:
The Secure Site Recommendations
(http://docs.openstack.org/developer/horizon/topics/deployment.html
#secure-site-recommendations) does not mention anything about the
LOGGING section. One specific issue that should be covered is that if
you ship the example config file, it will log the keystone requests as
DEBUG and that will log plaintext passwords. This is very dangerous.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1333440/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
