The password dumping is actually in oslo apiclient. So that too should be scrubbed, but it has to happen in oslo first.
So mostly just because I found it here.
-Sean
On 06/12/2014 10:47 PM, Xuhan Peng wrote:
> Sorry to interrupt this discussion.
>
> Sean,
>
> Since I'm working the neutron client code change, by looking at your
> code change to nova client, looks like only X-Auth-Token is taken care
> of in http_log_req. There is also password in header and token id in
> response. Any particular reason that they are not being taken care of?
>
> Thanks,
> Xu Han
> —
> Sent from Mailbox <https://www.dropbox.com/mailbox> for iPhone
>
>
> On Fri, Jun 13, 2014 at 8:47 AM, Gordon Chung <[email protected]
> <mailto:[email protected]>> wrote:
>
> >I'm hoping we can just ACK this approach, and get folks to start moving
> > patches through the clients to clean this all up.
>
> just an fyi, in pyCADF, we obfuscate tokens similar to how credit
> cards are handled: by capturing a percentage of leading and trailing
> characters and substituting the middle ie. "4724 xxxxxxxx 8478".
> whatever we decide here, i'm all for having a consistent way of
> masking and minimising tokens in OpenStack.
>
> cheers,
> gordon chung
> openstack, ibm software standards
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> [email protected]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Sean Dague
http://dague.net
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
