[jira] [Closed] (QPID-5772) Security: after open debug log for qpid, python qpid driver will print all information including sensitive data

Wed, 10 Aug 2016 08:05:40 -0700 

     [ 
https://issues.apache.org/jira/browse/QPID-5772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Ross closed QPID-5772.
-----------------------------
    Resolution: Won't Fix

Use of the generic python log filtering mechanism is preferred.

> Security: after open debug log for qpid, python qpid driver will print all 
> information including sensitive data
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-5772
>                 URL: https://issues.apache.org/jira/browse/QPID-5772
>             Project: Qpid
>          Issue Type: Bug
>          Components: Python Client
>            Reporter: zhu zhu
>              Labels: debuglog, security,
>
> For example, logs as below. 
> Is it possible to have Qpid to provide options/configurations to NOT print 
> certain credential fieds in the debug logs? It will benefit product security 
> that are adopting QPID as amqp implementation.  
> Such as messaging/driver.py writeable, write method
> rawlog.debug("SENT[%s]: %r", self.log_id, sent)
> opslog.debug("RCVD[%s]: %r", self.log_id, op)
> opslog.debug("SENT[%s]: %r", self.log_id, op)
> log.debug("RACK[%s]: %s", sst.session.log_id, msg)
> ...
>  
> 2014-05-15 04:07:07.756 19781 DEBUG qpid.messaging [-] SENT[3ae25a8]: 
> Message(ttl=60, properties={'qpid.subject': 'topic/nova/conductor'}, 
> content={'oslo.message': '{"_context_roles": ["_member_", "admin"], 
> "_msg_id": "7216c147b92048b38a779e0a37506edf", "_context_quota_class": null, 
> "_context_request_id": "req-4e6960a0-89e2-410b-b67c-2fcda1b526e2", 
> "_context_service_catalog": [{"endpoints_links": [], "endpoints": 
> [{"adminURL": 
> "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438";, "region": 
> "RegionOne", "publicURL": 
> "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438";, 
> "internalURL": 
> "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438";, "id": 
> "165be0534de5425daed4ee40da0d2f47"}], "type": "volume", "name": "cinder"}], 
> "args": {"values": {"instance_uuid": "0b39e666-aa4e-4f54-89f8-2bc0f5d86e89", 
> "start_time": "2014-05-15T09:07:07.750051", "event": 
> "compute_terminate_instance", "request_id": 
> "req-4e6960a0-89e2-410b-b67c-2fcda1b526e2"}}, "_unique_id": 
> "e7392f1384134643bba0966088fcdaad", "_context_user": 
> "f36557892ea44962b8b6e9f1897f2605", "_context_user_id": 
> "f36557892ea44962b8b6e9f1897f2605", "_context_project_name": "service", 
> "_context_read_deleted": "no", "_reply_q": 
> "reply_02768c332dd445d79ce253efd75b32b8", "_context_auth_token": 
> "202cdaf88b284afeafbbc77dc10f9058", "_context_tenant": 
> "c33546258c0a4733aa8eb56418df6438", "_context_instance_lock_checked": false, 
> "_context_is_admin": true, "version": "2.0", "_context_project_id": 
> "c33546258c0a4733aa8eb56418df6438", "_context_timestamp": 
> "2014-05-15T09:07:07.482164", "_context_user_name": "admin", "method": 
> "action_event_start", "_context_remote_address": "9.123.137.154"}', 
> 'oslo.version': '2.0'}) send 
> /usr/lib/python2.6/site-packages/qpid/messaging/driver.py:1283



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to