[jira] [Commented] (CLOUDSTACK-505) cloudstack logs the private key in plaintext

Mon, 17 Dec 2012 12:30:21 -0800 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13534270#comment-13534270
 ] 

Chip Childers commented on CLOUDSTACK-505:
------------------------------------------

on master:

commit ba30500402ec2fbfb262cf8afd6052df67fbc439
Author: Chip Childers <chip.child...@gmail.com>
Date:   Mon Dec 17 15:13:59 2012 -0500

    CLOUDSTACK-505: Added string cleaning to the start and end debug
    log statements within the API servlet.
                
> cloudstack logs the private key in plaintext
> --------------------------------------------
>
>                 Key: CLOUDSTACK-505
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-505
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: API
>    Affects Versions: 4.0.0
>            Reporter: Ahmad Emneina
>            Assignee: Chip Childers
>            Priority: Blocker
>             Fix For: 4.0.1
>
>
> When creating my sshkeypair, theyre logged in the api-server.log.
> 2012-11-16 04:16:44,387 INFO  [cloud.api.ApiServer] (ApiServer-8:null) 
> (userId=1 accountId=1 sessionId=null) /0:0:0:0:0:0:0:1 -- GET 
> /client/api?command=createSSHKeyPair&name=testkeys2&response=json&domainid=1&zone=2&account=admin
>  HTTP/1.0 200 
> {
>     "createsshkeypairresponse": {
>         "keypair": {
>             "name": "testkeys2",
>             "fingerprint": "f2:0c:b1:d9:be:73:4f:a9:0a:c0:c8:59:17:e0:67:07",
>             "privatekey": "-----BEGIN RSA PRIVATE 
> KEY-----\nMIICXgIBAAKBgQDD8CUiTQL26bhcDDW1kg8QqY2Pzm9EkeNwcTtglZEYkfSV7IHI\nDO7kRvB8ca4uKOpQD+jIpz0+leTQAc2JwLPzIFfTpN/mn+vwMwBviTZjYUDePkw+\nuwe97KB4Xg+RM7m0f4sPUHe9IZPshebl8nFhFpp8bL1g/FcDalJs3GhyPwIDAQAB\nAoGBAL0czVp75f6Wul/tUPF8lZnJbF5+KpqODGz8fQjNkwuZ4+3IJcMF6JTfe0FB\nH5Jh3zWDBXSVJeGAHyY8dzsbiRHRoXb4HRXUfSdMVLAlXDmH+REcE/4OY+Sd+GU2\ncrIsq9E3R2Nhr7lujP6BOO4IEzSrKFQ531lLBolCNZ/YpHThAkEA4/N1BeuB7ihI\nlzfdikjEmg3BfDn+s7FlQz42x4iAOBRBcMeO0e7ma+UWD7LUER3tuADAY3D4C/xs\nAluSbEyHdwJBANwMRK4jsmsGFf5GjH/iyVApZx/U71OR8OJx48NSdWmCzEkMdCE+\nH5Lska7j8mfAfqbOYfYqR4gwOXXHGr8XrXkCQAF9GYqMWzDe+npiVwQMLZyD8nuJ\nNWye//ZMdbcf4RZ8q2C9LOWaFc8mk9pOZKwn8eF9v8PmfPg3Ec2CI5apeUkCQQDK\nEj4TyFY07/7MZc7qNcH26j54PduVW+TgngOxv4xw2xtsTZJrYJgwHSzfdRaK7nug\nBNBy9XqA9wAdRz0plL3JAkEAiyCuxFhz6F2NhMxDX9IczJPPiJ+v6qHGwSThiBv0\n9XgwpQqrFmBdqAZ3SDjsgXkG2gAqZRuddbq55ffGSFtkpg==\n-----END
>  RSA PRIVATE KEY-----\n"
>         }
>     }
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to