Posted to issues@cloudstack.apache.org by "Min Chen (JIRA)" <ji...@apache.org> on 2013/12/04 00:41:36 UTC
[jira] [Created] (CLOUDSTACK-5355) addImageStore should not log password in clear text in the log
Min Chen created CLOUDSTACK-5355:
------------------------------------
Summary: addImageStore should not log password in clear text in the log
Key: CLOUDSTACK-5355
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5355
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: API
Affects Versions: 4.2.0
Reporter: Min Chen
Assignee: Min Chen
Priority: Critical
Fix For: 4.3.0
For cifs, addImageStore is currently logging everything, including username, password and domain, in clear text in the logs, which are specified in the query parameter url for the image store.
Here's an extract from the logs: (obscured actual pwd)
2013-11-26 12:03:35,703 DEBUG [c.c.a.ApiServlet] (catalina-exec-13:ctx-f0723f52) ===START=== 10.104.255.45 – GET command=addImageStore&response=json&sessionkey=5DGP7gv1vXNaK35rAxfIEi7256o%3D&name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXXXX%40123%26domain%3DBLR&_=1385447356899
2013-11-26 12:03:35,741 INFO [o.a.c.s.d.l.CloudStackImageStoreLifeCycleImpl] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) Trying to add a new data store at cifs://10.102.192.150/SMB-Share/sowmya/secondary?user=sowmya&password=XXX@123&domain=BLR to data center 1
2013-11-26 12:03:35,776 DEBUG [c.c.u.UriUtils] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) foundUser istrue
2013-11-26 12:03:35,777 DEBUG [c.c.u.UriUtils] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) foundPswd istrue
2013-11-26 12:03:36,011 DEBUG [c.c.a.ApiServlet] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) ===END=== 10.104.255.45 – GET command=addImageStore&response=json&sessionkey=5DGP7gv1vXNaK35rAxfIEi7256o%3D&name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXX%40123%26domain%3DBLR&_=1385447356899
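An added example, not part of the original report and not CloudStack's own code: a masking helper, sketched in Python, that covers both forms visible in the log extract above, the percent-encoded `password%3D...` nested inside the `url` query parameter (the ApiServlet lines) and the decoded `password=...` (the CloudStackImageStoreLifeCycleImpl line). The names `mask_secrets` and `MASK` and the sample lines are constructed for illustration.

```python
import re

MASK = "*****"  # constructed placeholder written in place of the secret


def _pattern(keys):
    """Build a regex matching key=value in plain or once-percent-encoded form."""
    names = "|".join(re.escape(k) for k in keys)
    return re.compile(
        # The key must start a parameter: after '?', '&', whitespace,
        # an encoded '&' (%26), an encoded '?' (%3F), or at line start.
        r"(?i)(?:^|(?<=[?&\s])|(?<=%26)|(?<=%3F))"
        r"(" + names + r")"
        # Plain form: the value runs to the next '&' or whitespace.
        r"(?:(=)[^&\s]*"
        # Encoded form: the value also ends at an encoded '&' (%26). A '&'
        # inside the secret appears as %2526 at this level and stays masked.
        r"|(%3D)(?:(?!%26)[^&\s])*)"
    )


def mask_secrets(line, keys=("password",)):
    """Return the line with the values of the named parameters replaced by MASK."""
    def repl(match):
        separator = match.group(2) or match.group(3)  # '=' or '%3D' as found
        return match.group(1) + separator + MASK
    return _pattern(keys).sub(repl, line)


# Constructed sample lines modelled on the extract in the report
# (documentation-range addresses, made-up credentials).
SAMPLE_LINES = [
    "DEBUG [c.c.a.ApiServlet] ===START=== 192.0.2.10 -- GET command=addImageStore"
    "&provider=SMB&url=cifs%3A%2F%2F192.0.2.20%2Fshare%3Fuser%3Dalice"
    "%26password%3DExample%40123%26domain%3DLAB&_=1",
    "INFO [o.a.c.s.d.l.CloudStackImageStoreLifeCycleImpl] Trying to add a new data "
    "store at cifs://192.0.2.20/share?user=alice&password=Example@123&domain=LAB "
    "to data center 1",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        # Mask all three fields the report lists as exposed.
        print(mask_secrets(sample, keys=("user", "password", "domain")))
```

Masking has to happen before the string reaches the logger; scrubbing log files afterwards leaves the secret in any copy already shipped or rotated.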