Bug 842848 - user password displayed in plain text in the log
user password displayed in plain text in the log
Product: Pulp
Classification: Community
Component: user-experience (Show other bugs)
Unspecified Unspecified
high Severity unspecified
: ---
: Sprint 38
Assigned To: Jason Connor
Preethi Thomas
Depends On:
  Show dependency treegraph
Reported: 2012-07-24 13:57 EDT by Preethi Thomas
Modified: 2014-03-30 21:39 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-01-07 09:12:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Preethi Thomas 2012-07-24 13:57:58 EDT
Description of problem:
creating a user displays password in plain text in the pulp.log

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. create a user with password
2. tail the log
Actual results:
[root@pulp-f16 ~]# pulp-admin user create --login test --password redhat
User [test] successfully created

From the log

2012-07-24 13:53:28,725 13584:140275870033664: pulp.server.webservices.controllers.users:INFO: users:62 $$$$$$$$$$$ test : test
2012-07-24 13:53:28,887 13584:140275529664256: pulp.server.dispatch.task:INFO: task:148 Task 7984be35-d5b8-11e1-8896-5452007c4f00: CallRequest: UserManager.create_user(u'test', u'redhat', u'test', None) SUCCEEDED

Expected results:

Additional info:
Comment 1 Jay Dobies 2012-07-24 14:15:55 EDT
Jason - Not sure what we can do about this, but this is bad. Any ideas?
Comment 2 Jason Connor 2012-07-24 16:06:18 EDT
Added a flag to obfuscate the args and kwargs when logging, printing, etc the str representation of a call_request

Fix pushed in:
master: 7a64ecbf7b822fad50eaedb0bfb3eb3e814265d6
pulp_CR-1_patches: 9e6c9e1617095de72a12fa1e7e14f0e297f01bf4
Comment 3 Jeff Ortel 2012-07-24 18:54:19 EDT
build: 0.318.
Comment 4 Preethi Thomas 2012-07-25 09:13:55 EDT

[root@preethi-el6-pulp ~]# rpm -q pulp-rpm-server
[root@preethi-el6-pulp ~]# 
[root@preethi-el6-pulp ~]# pulp-admin user create --login preethi --pass redhat
User [preethi] successfully created

From pulp.log
2012-07-25 09:06:42,289 17816:140680542246656: pulp.server.dispatch.task:INFO: task:148 Task 93f9f438-d659-11e1-9729-525400c5886c: CallRequest: UserManager.create_user(**OBFUSCATED**, **OBFUSCATED**, **OBFUSCATED**, **OBFUSCATED**) SUCCEEDED
Comment 5 Preethi Thomas 2013-01-07 09:12:02 EST
Pulp 2.0 released.

Note You need to log in before you can comment on or make changes to this bug.