This isn't logging on the service side, this is logging on the client because the user ran --debug. This isn't a big security issue other than a documentation or user educational one.
Natr

On Apr 29, 2014 9:07 AM, "Hao Wang" <[email protected]> wrote:
> Adding security group...
>
>
> On Sat, Apr 26, 2014 at 4:25 PM, Hao Wang <[email protected]> wrote:
>
>> It is the client. I got this message with DEBUG enabled:
>> curl -i 'http://192.168.56.103:35357/v2.0/tokens' -X POST -H
>> "Content-Type: application/json" -H "Accept: application/json" -H
>> "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin",
>> "passwordCredentials": {"username": "admin", "password": "admin"}}}'
>>
>> It can be seen that username and password are right in the message.
>>
>> Hao
>>
>>
>> On Sat, Apr 26, 2014 at 4:08 PM, Aaron Knister
>> <[email protected]>wrote:
>>
>>> Was it the client or the server that exposed the credentials?
>>>
>>> Sent from my iPhone
>>>
>>> On Apr 26, 2014, at 2:28 PM, Hao Wang <[email protected]> wrote:
>>>
>>> Hi,
>>>
>>> I am troubleshooting a neutron case. It was just found that if DEBUG was
>>> enabled, neutron would print out JSON data with username and password. I am
>>> wondering what kind of protocol is used in production environment to
>>> prevent this security risk from happening.
>>>
>>> Thanks,
>>> Hao
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to : [email protected]
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>
>
> _______________________________________________
> Openstack-security mailing list
> [email protected]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
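Added example, not part of the original thread and not python-novaclient's own code: one way a client could mask credentials before writing the curl-style debug line quoted above. The names `redact`, `debug_curl`, `SENSITIVE_KEYS` and `SENSITIVE_HEADERS` are hypothetical, and the key and header lists are assumptions to extend per deployment.

```python
import json

# Hypothetical key and header lists (assumptions); extend for your deployment.
SENSITIVE_KEYS = {"password", "secret", "token", "adminpass"}
SENSITIVE_HEADERS = {"x-auth-token", "authorization"}
MASK = "***REDACTED***"


def redact(value):
    """Return a copy of parsed JSON with the values of sensitive keys masked."""
    if isinstance(value, dict):
        return {k: MASK if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def debug_curl(method, url, headers, body):
    """Build a curl-style debug line with secrets masked."""
    parts = ["curl -i '%s' -X %s" % (url, method)]
    for name, val in headers.items():
        if name.lower() in SENSITIVE_HEADERS:
            val = MASK
        parts.append('-H "%s: %s"' % (name, val))
    if body:
        try:
            safe = json.dumps(redact(json.loads(body)))
        except ValueError:
            # Not JSON: omit the body rather than echo an unparsed secret.
            safe = "<%d bytes omitted>" % len(body)
        parts.append("-d '%s'" % safe)
    return " ".join(parts)


# Constructed sample mirroring the token request quoted in the thread.
SAMPLE_BODY = json.dumps({"auth": {
    "tenantName": "admin",
    "passwordCredentials": {"username": "admin", "password": "admin"}}})
SAMPLE_HEADERS = {"Content-Type": "application/json",
                  "User-Agent": "python-novaclient"}

if __name__ == "__main__":
    print(debug_curl("POST", "http://192.168.56.103:35357/v2.0/tokens",
                     SAMPLE_HEADERS, SAMPLE_BODY))
```

Masking at the point where the debug line is built keeps the secret out of terminals, shell scrollback and any log file the debug output is redirected to.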
