Bug 989271 - Avoid logging sensitive details when using password based authentication
Avoid logging sensitive details when using password based authentication
Status: CLOSED CURRENTRELEASE
Product: Beaker
Classification: Community
Component: web UI
develop
: 0.14
Assigned To: Dan Callaghan
tools-bugs
Reported: 2013-07-28 20:48 EDT by Nick Coghlan
Modified: 2013-08-08 23:23 EDT
Doc Type: Bug Fix
Last Closed: 2013-08-08 23:23:48 EDT
Type: Bug
Description Nick Coghlan 2013-07-28 20:48:41 EDT
In Beaker 0.13 and earlier, the server-debug logs need to be treated as containing sensitive data, as they record such data when clients use password based authentication (rather than Kerberos ticket based authorisation).

This has been fixed for 0.14 (see http://gerrit.beaker-project.org/#/c/2101/) to avoid capturing the unneeded sensitive details.
Comment 2 xjia 2013-07-28 23:13:40 EDT
Verify:
server-debug.log:Jul 27 03:39:27 beaker-devel beaker-server[14185]: bkr.server.xmlrpccontroller DEBUG Time: 0:00:00.000122 auth.renew_session

Version:
beaker-server-0.13.2-1.git.81.54e9513.el6eng.noarch
beaker-0.13.2-1.git.72.7543e3e.el6.noarch
beaker-server-redhat-0.1.14-1.git.3.ff982cb.el6.noarch
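
Added example, not Beaker's code and not part of any comment on this bug: a sketch of a call logger that records only the method name and elapsed time, next to a variant that also logs the parameters, with the same kind of log check as the verification above. The "before" logging format, the method table, the auth.login_password name and the sample credentials are assumptions constructed for illustration; only the logger name and the "Time: <elapsed> <method>" format come from the log line quoted above.

```python
import datetime
import io
import logging

# Constructed stand-ins for an XML-RPC method table (assumed names and values).
def login_password(username, password):
    return username if password == "s3cret-constructed" else None

def renew_session():
    return True

METHODS = {"auth.login_password": login_password,
           "auth.renew_session": renew_session}

log = logging.getLogger("bkr.server.xmlrpccontroller")

def dispatch_unsafe(method, params):
    """Assumed 'before' behaviour: call parameters reach the debug log."""
    start = datetime.datetime.now()
    result = METHODS[method](*params)
    log.debug("Time: %s %s %s", datetime.datetime.now() - start, method, params)
    return result

def dispatch_safe(method, params):
    """Log the method name and elapsed time only, never the arguments."""
    start = datetime.datetime.now()
    result = METHODS[method](*params)
    log.debug("Time: %s %s", datetime.datetime.now() - start, method)
    return result

def captured_log(dispatch, calls):
    """Run calls through a dispatcher and return its DEBUG output as text."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    log.propagate = False
    try:
        for method, params in calls:
            dispatch(method, params)
    finally:
        log.removeHandler(handler)
    return buf.getvalue()

# Constructed sample calls: one password login, one session renewal.
CALLS = [("auth.login_password", ("alice", "s3cret-constructed")),
         ("auth.renew_session", ())]

if __name__ == "__main__":
    print(captured_log(dispatch_safe, CALLS))
```

Searching the captured output for the constructed password is the regression check: it must match for dispatch_unsafe and must not match for dispatch_safe.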
Comment 3 Dan Callaghan 2013-08-08 23:23:48 EDT
Beaker 0.14.1 has been released.
