Date: Sun, 21 Jul 2013 00:36:48 +0000 (UTC)
From: "Min Chen (JIRA)"
To: cloudstack-issues@incubator.apache.org
Subject: [jira] [Commented] (CLOUDSTACK-3274) API Refactoring: secretkey and accesskey of the backing store is found in plaintext in the logs

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-3274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13714586#comment-13714586 ]

Min Chen commented on CLOUDSTACK-3274:
--------------------------------------

However, just like CLOUDSTACK-505, it still cannot solve the issue where password/accesskey/secretkey is passed through a Map structure in the API query string, for example, in addImageStore, where we have a map structure, which is passed as this: details[0].key=secretkey&details[0].value=xxx. In some sense, the current way in the API server to pass Map-like parameters is quite awkward; we should later on fix the API to pass Map query parameters just as secretkey=xxx&accesskey=xxx. Once that is fixed, this corner case will not be an issue anymore.

> API Refactoring: secretkey and accesskey of the backing store is found in plaintext in the logs
> -----------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-3274
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3274
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Storage Controller
>   Affects Versions: 4.2.0
>            Reporter: Prasanna Santhanam
>            Assignee: Min Chen
>            Priority: Critical
>             Fix For: 4.2.0
>
>
> Should we be printing the s3 store credentials in the logs in plaintext? Can it be sanitized?
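
As an added example (not part of the original message and not CloudStack's code), a log sanitizer in Python that masks both the flat form `secretkey=xxx` and the map form `details[0].key=secretkey&details[0].value=xxx` described in the comment, including a `.value` pair that arrives before its `.key` pair and URL-encoded brackets. The sensitive-name set, the mask string and the sample query are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: names treated as sensitive (the message names these three).
SENSITIVE = {"password", "accesskey", "secretkey"}
MASK = "*****"  # assumed mask string
# Map-style parameter name after URL-decoding, e.g. details[0].key
MAP_PARAM = re.compile(r"^([^\[\]=&]+)\[(\d+)\]\.(key|value)$", re.IGNORECASE)


def _map_part(name):
    """Return (map name, index, 'key' or 'value') or None for a flat name."""
    m = MAP_PARAM.match(unquote_plus(name))
    return (m[1].lower(), m[2], m[3].lower()) if m else None


def sanitize_query(query):
    """Return a copy of the query string that is safe to write to a log."""
    pairs = [item.partition("=") for item in query.split("&")]

    # Pass 1: collect map entries whose .key names a sensitive field.
    # Done first because a .value pair may precede its .key pair.
    tainted = set()
    for name, _, value in pairs:
        part = _map_part(name)
        if part and part[2] == "key" and unquote_plus(value).lower() in SENSITIVE:
            tainted.add(part[:2])

    # Pass 2: mask flat sensitive parameters and tainted map values.
    out = []
    for name, sep, value in pairs:
        part = _map_part(name)
        flat_hit = unquote_plus(name).lower() in SENSITIVE
        map_hit = bool(part) and part[2] == "value" and part[:2] in tainted
        out.append(name + sep + (MASK if sep and (flat_hit or map_hit) else value))
    return "&".join(out)


# Constructed sample request, not taken from a real log.
SAMPLE = (
    "command=addImageStore"
    "&details[0].key=accesskey&details[0].value=AKIDEXAMPLE"
    "&details[1].value=s3cr3t&details[1].key=secretkey"
    "&details%5B2%5D.key=bucket&details%5B2%5D.value=images"
)

if __name__ == "__main__":
    print(sanitize_query(SAMPLE))
```

Because masking is keyed on the (map name, index) pair, the non-sensitive `bucket` entry at index 2 stays readable in the log while the two credential values are replaced.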