Bug 1014115 - engine-setup sometimes logs passwords
Summary: engine-setup sometimes logs passwords
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-installer
Version: 3.3
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 3.3
Assignee: Yedidyah Bar David
QA Contact: Jiri Belka
URL:
Whiteboard: integration
Depends On: 1014552
Blocks: 1011800 1016012
TreeView+ depends on / blocked
 
Reported: 2013-10-01 12:44 UTC by Yedidyah Bar David
Modified: 2013-11-07 08:26 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1016012 (view as bug list)
Environment:
Last Closed: 2013-11-07 08:26:38 UTC
oVirt Team: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 19775 0 None None None Never
oVirt gerrit 19938 0 None None None Never
oVirt gerrit 19939 0 None None None Never

Description Yedidyah Bar David 2013-10-01 12:44:09 UTC 
Description of problem:

engine-setup sometimes logs passwords to its log file, although most of the code is intended to not do that. We should make sure this never happens.

Version-Release number of selected component (if applicable):


How reproducible:

E.g. while upgrading from legacy, the database-access password used by legacy is logged.

Steps to Reproduce:
1. Install ovirt 3.2, run setup, input some password for the database
2. Upgrade to 3.3
3.

Actual results:

The db password appears in the log

Expected results:

All passwords should be replaced by '**FILTERED**'

Additional info:
Comment 1 Sandro Bonazzola 2013-10-14 09:57:49 UTC 
included in 3.3.0.1 now in updates-testing.
Comment 2 Jiri Belka 2013-10-25 10:47:15 UTC 
ok, sf21.1 -> is20.
Comment 3 Sandro Bonazzola 2013-11-07 08:26:38 UTC 
oVirt 3.3.0.1 has been released.
Note You need to log in before you can comment on or make changes to this bug.