Posted to dev@qpid.apache.org by "zhu zhu (JIRA)" <ji...@apache.org> on 2014/05/18 06:49:14 UTC

[jira] [Updated] (QPID-5772) Security: after open debug log for qpid, python qpid driver will print all information including sensitive data

     [ https://issues.apache.org/jira/browse/QPID-5772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

zhu zhu updated QPID-5772:
--------------------------

    Summary: Security: after open debug log for qpid, python qpid driver will print all information including sensitive data  (was: Security: after open debug log for qpid, python qpid client will print all information including sensitive data)

> Security: after open debug log for qpid, python qpid driver will print all information including sensitive data
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-5772
>                 URL: https://issues.apache.org/jira/browse/QPID-5772
>             Project: Qpid
>          Issue Type: Bug
>          Components: Python Client
>            Reporter: zhu zhu
>              Labels: debuglog, security,
>
> For example, logs as below. 
> Is it possible to have Qpid provide options/configurations to NOT print certain credential fields in the debug logs? It will benefit the security of products that are adopting QPID as their AMQP implementation.
> Such as messaging/driver.py writeable, write method
> rawlog.debug("SENT[%s]: %r", self.log_id, sent)
> opslog.debug("RCVD[%s]: %r", self.log_id, op)
> opslog.debug("SENT[%s]: %r", self.log_id, op)
> log.debug("RACK[%s]: %s", sst.session.log_id, msg)
> ...
>  
> 2014-05-15 04:07:07.756 19781 DEBUG qpid.messaging [-] SENT[3ae25a8]: Message(ttl=60, properties={'qpid.subject': 'topic/nova/conductor'}, content={'oslo.message': '{"_context_roles": ["_member_", "admin"], "_msg_id": "7216c147b92048b38a779e0a37506edf", "_context_quota_class": null, "_context_request_id": "req-4e6960a0-89e2-410b-b67c-2fcda1b526e2", "_context_service_catalog": [{"endpoints_links": [], "endpoints": [{"adminURL": "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", "region": "RegionOne", "publicURL": "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", "internalURL": "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", "id": "165be0534de5425daed4ee40da0d2f47"}], "type": "volume", "name": "cinder"}], "args": {"values": {"instance_uuid": "0b39e666-aa4e-4f54-89f8-2bc0f5d86e89", "start_time": "2014-05-15T09:07:07.750051", "event": "compute_terminate_instance", "request_id": "req-4e6960a0-89e2-410b-b67c-2fcda1b526e2"}}, "_unique_id": "e7392f1384134643bba0966088fcdaad", "_context_user": "f36557892ea44962b8b6e9f1897f2605", "_context_user_id": "f36557892ea44962b8b6e9f1897f2605", "_context_project_name": "service", "_context_read_deleted": "no", "_reply_q": "reply_02768c332dd445d79ce253efd75b32b8", "_context_auth_token": "202cdaf88b284afeafbbc77dc10f9058", "_context_tenant": "c33546258c0a4733aa8eb56418df6438", "_context_instance_lock_checked": false, "_context_is_admin": true, "version": "2.0", "_context_project_id": "c33546258c0a4733aa8eb56418df6438", "_context_timestamp": "2014-05-15T09:07:07.482164", "_context_user_name": "admin", "method": "action_event_start", "_context_remote_address": "9.123.137.154"}', 'oslo.version': '2.0'}) send /usr/lib/python2.6/site-packages/qpid/messaging/driver.py:1283



--
This message was sent by Atlassian JIRA
(v6.2#6252)
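
One way a deployment can mask credential fields on its own side, as an added example that is not part of the original report or of Qpid's code: a `logging.Filter` on the handler that redacts the rendered message (written for Python 3's standard `logging`). The key names other than `_context_auth_token`, the child logger name and the sample record are constructed assumptions.

```python
import io
import json
import logging
import re

# "_context_auth_token" is the field visible in the report's log line; the
# other key names are assumptions added for illustration.
SENSITIVE_KEYS = ("_context_auth_token", "auth_token", "password")
MASK = "***"
_PATTERN = re.compile(
    r"""(?P<key>["'](?:%s)["']\s*:\s*)(?P<q>["'])(?:\\.|(?!(?P=q)).)*?(?P=q)"""
    % "|".join(map(re.escape, SENSITIVE_KEYS))
)


def redact(text):
    """Replace the quoted value of every sensitive key with MASK."""
    return _PATTERN.sub(lambda m: m["key"] + m["q"] + MASK + m["q"], text)


class RedactingFilter(logging.Filter):
    def filter(self, record):
        # The driver logs with "%r", so the token only exists as text after
        # msg % args is rendered; redact the rendered string, then drop args
        # so the handler does not interpolate a second time.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def demo(token="CONSTRUCTED-TOKEN-0000"):
    """Emit one constructed SENT record and return what the handler wrote."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Filter on the handler, not the logger: a logger's filters are skipped
    # for records that propagate up from child loggers.
    handler.addFilter(RedactingFilter())
    parent = logging.getLogger("qpid.messaging")
    parent.setLevel(logging.DEBUG)
    parent.addHandler(handler)
    try:
        content = {"oslo.message": json.dumps(
            {"_context_user_name": "admin", "_context_auth_token": token})}
        # Child logger name is an assumption; it stands in for opslog/rawlog.
        logging.getLogger("qpid.messaging.io.ops").debug(
            "SENT[%s]: %r", "3ae25a8", content)
    finally:
        parent.removeHandler(handler)
    return stream.getvalue()
```

Only quoted string values of the listed keys are masked, so the key list has to be reviewed against what the application actually puts in its messages.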
