db connection string is cleartext in debug log
Bug #1266590 reported by
Brant Knudson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Medium
|
Feilong Wang | ||
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Brant Knudson | ||
oslo-incubator |
Fix Released
|
Undecided
|
Brant Knudson |
Bug Description
When I start up keystone-all with --debug it logs the config settings. The config setting for the database connection string is printed out:
(keystone-all): 2014-01-06 16:32:56,983 DEBUG cfg log_opt_values database.connection = mysql:/
The database connection string will typically contain the user password, so this value should be masked (like admin_token).
This is a regression from Havana, which masked the db connection string.
Changed in oslo: | |
assignee: | nobody → Brant Knudson (blk-u) |
Changed in keystone: | |
assignee: | nobody → Brant Knudson (blk-u) |
summary: |
- db connection string in cleartext in debug log + db connection string is cleartext in debug log |
Changed in glance: | |
status: | New → Triaged |
importance: | Undecided → Medium |
assignee: | nobody → Fei Long Wang (flwang) |
Changed in keystone: | |
importance: | Undecided → Medium |
Changed in oslo: | |
milestone: | none → icehouse-2 |
status: | Fix Committed → Fix Released |
Changed in glance: | |
status: | Triaged → Fix Committed |
Changed in cinder: | |
assignee: | nobody → Jay Bryant (jsbryant) |
milestone: | none → icehouse-3 |
Changed in cinder: | |
importance: | Undecided → High |
Changed in glance: | |
milestone: | none → icehouse-3 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | icehouse-3 → icehouse-rc1 |
Changed in keystone: | |
milestone: | none → icehouse-3 |
status: | Fix Committed → Fix Released |
Changed in oslo: | |
milestone: | icehouse-2 → 2014.1 |
Changed in keystone: | |
milestone: | icehouse-3 → 2014.1 |
Changed in glance: | |
milestone: | icehouse-3 → 2014.1 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/65167
Review: https:/