Re: [openstack-dev] [ironic][security] what is OK to put in DEBUG logs?

2015-11-25 Thread Dan Prince
On Mon, 2015-11-23 at 11:43 -0500, Ruby Loo wrote: > On 20 November 2015 at 18:32, Ben Nemec > wrote: > > On 11/19/2015 06:00 AM, Lucas Alvares Gomes wrote: > > > Hi, > > > > > >> Also keep in mind that DEBUG logging, while still should have > > some masking > > >> of data, since it is explicitly

Re: [openstack-dev] [ironic][security] what is OK to put in DEBUG logs?

2015-11-23 Thread Ruby Loo
On 20 November 2015 at 18:32, Ben Nemec wrote: > On 11/19/2015 06:00 AM, Lucas Alvares Gomes wrote: > > Hi, > > > >> Also keep in mind that DEBUG logging, while still should have some > masking > >> of data, since it is explicitly called out (or should be) as not safe > for > >> production, can c

Re: [openstack-dev] [ironic][security] what is OK to put in DEBUG logs?

2015-11-20 Thread Ben Nemec
On 11/19/2015 06:00 AM, Lucas Alvares Gomes wrote: > Hi, > >> Also keep in mind that DEBUG logging, while still should have some masking >> of data, since it is explicitly called out (or should be) as not safe for >> production, can contain some " sensitive" data. Credentials should still be >> sc

Re: [openstack-dev] [ironic][security] what is OK to put in DEBUG logs?

2015-11-19 Thread Lucas Alvares Gomes
Hi, > Also keep in mind that DEBUG logging, while still should have some masking > of data, since it is explicitly called out (or should be) as not safe for > production, can contain some " sensitive" data. Credentials should still be > scrubbed, but I would say the swift temp URL is something tha

Re: [openstack-dev] [ironic][security] what is OK to put in DEBUG logs?

2015-11-18 Thread Morgan Fainberg
On Nov 18, 2015 13:52, "Devananda van der Veen" wrote: > > > On Wed, Nov 18, 2015 at 9:48 AM, Ruby Loo wrote: >> >> Hi, >> >> I think we all agree that it isn't OK to log credentials (like passwords) in DEBUG logs. However, what about other information that might be sensitive? A patch was recentl

Re: [openstack-dev] [ironic][security] what is OK to put in DEBUG logs?

2015-11-18 Thread Devananda van der Veen
On Wed, Nov 18, 2015 at 9:48 AM, Ruby Loo wrote: > Hi, > > I think we all agree that it isn't OK to log credentials (like passwords) > in DEBUG logs. However, what about other information that might be > sensitive? A patch was recently submitted to log (in debug) the SWIFT > temporary URL [1]. I

[openstack-dev] [ironic][security] what is OK to put in DEBUG logs?

2015-11-18 Thread Ruby Loo
Hi, I think we all agree that it isn't OK to log credentials (like passwords) in DEBUG logs. However, what about other information that might be sensitive? A patch was recently submitted to log (in debug) the SWIFT temporary URL [1]. I agree that it would be useful for debugging, but since that te