Public bug reported:
The Secure Site Recommendations
(http://docs.openstack.org/developer/horizon/topics/deployment.html
#secure-site-recommendations) does not mention anything about the
LOGGING section. One specific issue that should be covered is that if
you ship the example config file, it will log the keystone requests as
DEBUG and that will log plaintext passwords. This is very dangerous.
** Affects: horizon
Importance: Undecided
Status: New
** Tags: low-hanging-fruit
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1333440
Title:
Secure Site Recommendations does not discuss LOGGING settings
Status in OpenStack Dashboard (Horizon):
New
Bug description:
The Secure Site Recommendations
(http://docs.openstack.org/developer/horizon/topics/deployment.html
#secure-site-recommendations) does not mention anything about the
LOGGING section. One specific issue that should be covered is that if
you ship the example config file, it will log the keystone requests as
DEBUG and that will log plaintext passwords. This is very dangerous.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1333440/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
