2010-08-26 18:40:21 |
Anthony Lenton |
bug |
|
|
added bug |
2010-08-26 18:40:40 |
Anthony Lenton |
canonical-identity-provider: milestone |
|
2.9.0 |
|
2010-08-31 16:43:23 |
Julien Funk |
canonical-isd-qa: milestone |
|
canonical-identity-provider+2.9.0 |
|
2010-09-08 12:37:35 |
Łukasz Czyżykowski |
canonical-identity-provider: status |
New |
Confirmed |
|
2010-09-08 15:36:16 |
David Owen |
canonical-identity-provider: milestone |
2.9.0 |
1-commitment |
|
2010-09-08 18:22:55 |
Stuart Metcalfe |
canonical-identity-provider: milestone |
1-commitment |
for-10.0 |
|
2010-09-08 18:32:33 |
Stuart Metcalfe |
canonical-identity-provider: importance |
Undecided |
Low |
|
2010-10-15 15:07:19 |
Stuart Metcalfe |
canonical-identity-provider: milestone |
for-10.10 |
|
|
2010-10-15 15:07:27 |
Stuart Metcalfe |
canonical-identity-provider: importance |
Low |
High |
|
2010-10-15 15:08:13 |
Łukasz Czyżykowski |
canonical-identity-provider: status |
Confirmed |
Triaged |
|
2010-10-15 15:12:35 |
Łukasz Czyżykowski |
description |
We would want to know which api user is making which api calls and when. Apache logs aren't enough for this because they don't track the authorization headers provided in the requests, so we'd need to use a custom application log for this. Ideally we'd log:
- If it was an anonymous api call, or the api basic / oauth user that was authorized
- The called method (full url and ws.op GET argument provide this)
- Time at which the call was made
It might make sense to also log the arguments provided to named methods, as long as we don't log sensitive data (let's not log passwords or token secrets for example). |
We would want to know which api user is making which api calls and when. Apache logs aren't enough for this because they don't track the authorization headers provided in the requests, so we'd need to use a custom application log for this. The most important calls are those which cause data changes; we can skip reads. Each log message should consist of:
- If it was an anonymous api call, or the api basic / oauth user that was authorized
- The called method (full url and ws.op GET argument provide this, if that can be retrieved from the environment)
- Time at which the call was made
- Method arguments, but without sensitive data (passwords, token secrets, etc).
|
|
2014-05-23 00:25:48 |
Gerson Chicareli |
canonical-identity-provider: assignee |
|
Gerson Chicareli (chicareligerson-e) |
|
2019-10-08 23:22:27 |
Daniel Manrique |
canonical-identity-provider: assignee |
Gerson Chicareli (chicareligerson-e) |
|
|
2019-10-08 23:50:37 |
Eileen DeSello |
bug |
|
|
added subscriber Eileen DeSello |
2019-10-08 23:50:45 |
Eileen DeSello |
removed subscriber Eileen DeSello |
|
|
|