brooklyn-dev mailing list archives

From ahgittin <...@git.apache.org>
Subject [GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Date Fri, 30 Jan 2015 13:29:56 GMT
GitHub user ahgittin reopened a pull request:

    https://github.com/apache/incubator-brooklyn/pull/484

    obfuscate passwords and credentials in the gui (literal "shadow passwords")

    applies text shadowing to blur keys that say obvious things like "password" and "credential",
    to config table and sensors table. clears up when you click it.
    this prevents people looking over your shoulder from seeing things they shouldn't,
    but it doesn't block REST access, and if you click on it you can still see it.
    (this is a common trick done at AWS & SL, btw.)
    
    a separate feature is to enforce visibility of sensors; this can be done with entitlements
    on a per-sensor basis
    but it might be nice to have an easy entitlements mode where "sensitive" info is not available,
    and options on config keys (similar to how i just did it with ConfigInheritance,
    in https://github.com/apache/incubator-brooklyn/pull/483) to allow ConfigSensitivity.
    
    an easy way to test is:
    
        curl -v -X POST -H "Content-Type: application/json" --data \"foo\" http://127.0.0.1:8082/v1/applications/YKH2Dp3E/entities/NN0BJzNA/sensors/my_secret
    
    here's what it looks like:
    
    ![screen shot 2015-01-28 at 16 05 23](https://cloud.githubusercontent.com/assets/496540/5941241/89d8c3fe-a707-11e4-8b4d-7e0ef1c2b28f.png)


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ahgittin/incubator-brooklyn jsgui-hide-passwords

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-brooklyn/pull/484.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #484
    
----
commit 851f91ac3df97fe82ab5ece2aca7ce70456b8ccc
Author: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
Date:   2015-01-28T15:54:26Z

    obfuscate passwords and credentials in the gui (literal "shadow passwords!")
    
    applies text shadowing to blur keys that say obvious things like "password" and "credential",
    to config table and sensors table. clears up when you click it.
    this prevents people looking over your shoulder from seeing things they shouldn't,
    but it doesn't block REST access, and if you click on it you can still see it.
    (this is a common trick done at AWS & SL, btw.)
    
    a separate feature is to enforce visibility of sensors; this can be done with entitlements
    on a per-sensor basis
    but it might be nice to have an easy entitlements mode where "sensitive" info is not available,
    and options on config keys (similar to how i just did it with ConfigInheritance,
    in https://github.com/apache/incubator-brooklyn/pull/483) to allow ConfigSensitivity.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
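
The shadowing described in the pull request above, as an added JavaScript sketch that is not part of the original message and is not Brooklyn's own code. Every function name, the CSS class and the term list are assumptions; the last sample row shows that the blurred value is still present in the markup, which is why the message notes that this does not block access.

```javascript
// Added illustration, not Apache Brooklyn's jsgui code. All names are hypothetical.

// Assumed term list: "password" and "credential" come from the PR text,
// "secret" from its my_secret test sensor.
const SENSITIVE_TERMS = ["password", "credential", "secret"];

// Visual-only blur: glyphs are transparent and only their shadow is drawn.
const SHADOW_CSS =
  ".shadowed { color: transparent; text-shadow: 0 0 8px rgba(0,0,0,0.7); cursor: pointer; }";

// True when a config key or sensor name contains a sensitive term.
// Case-insensitive substring match, so "mysql.root.password",
// "awsCredential" and "MY_SECRET" are all caught.
function isSensitiveKey(name) {
  const lower = String(name).toLowerCase();
  return SENSITIVE_TERMS.some((term) => lower.includes(term));
}

// Escape a value before placing it in table markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Render the value cell of a config or sensor row; sensitive keys get the blur class.
// The value itself is still emitted: this hides it from onlookers, not from the client.
function renderValueCell(name, value) {
  const safe = escapeHtml(value);
  return isSensitiveKey(name)
    ? `<td><span class="shadowed">${safe}</span></td>`
    : `<td>${safe}</td>`;
}

// Browser side: one delegated listener clears the blur when a shadowed value is clicked.
function attachReveal(tableElement) {
  tableElement.addEventListener("click", (event) => {
    const el = event.target.closest(".shadowed");
    if (el) el.classList.remove("shadowed");
  });
}

// Constructed sample rows (not taken from a real deployment).
const SAMPLE_ROWS = [["host.name", "db1"], ["mysql.root.password", "hunter2"], ["my_secret", "foo"]];
const renderedRows = SAMPLE_ROWS.map(([k, v]) => `<tr><td>${escapeHtml(k)}</td>${renderValueCell(k, v)}</tr>`);
```
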
