cloudstack-issues mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-5355) addImageStore should not log password in clear text in the log
Date Wed, 04 Dec 2013 01:32:36 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13838457#comment-13838457 ]

ASF subversion and git services commented on CLOUDSTACK-5355:
-------------------------------------------------------------

Commit f420b748903eb261e7721512da0168733d82d202 in branch refs/heads/master from [~minchen07]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=f420b74 ]

CLOUDSTACK-5355: addImageStore should not log password in clear text in
the log.


> addImageStore should not log password in clear text in the log
> --------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5355
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5355
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>    Affects Versions: 4.2.0
>            Reporter: Min Chen
>            Assignee: Min Chen
>            Priority: Critical
>             Fix For: 4.3.0
>
>
> For cifs, addImageStore is currently logging everything including username, password and domain in clear text in the logs, which are specified in query parameter url for the image store.
> Here's an extract from the logs: (obscured actual pwd)
> 2013-11-26 12:03:35,703 DEBUG [c.c.a.ApiServlet] (catalina-exec-13:ctx-f0723f52) ===START=== 10.104.255.45 – GET command=addImageStore&response=json&sessionkey=5DGP7gv1vXNaK35rAxfIEi7256o%3D&name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXXXX%40123%26domain%3DBLR&_=1385447356899
> 2013-11-26 12:03:35,741 INFO [o.a.c.s.d.l.CloudStackImageStoreLifeCycleImpl] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) Trying to add a new data store at cifs://10.102.192.150/SMB-Share/sowmya/secondary?user=sowmya&password=XXX@123&domain=BLR to data center 1
> 2013-11-26 12:03:35,776 DEBUG [c.c.u.UriUtils] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) foundUser istrue
> 2013-11-26 12:03:35,777 DEBUG [c.c.u.UriUtils] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) foundPswd istrue
> 2013-11-26 12:03:36,011 DEBUG [c.c.a.ApiServlet] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) ===END=== 10.104.255.45 – GET command=addImageStore&response=json&sessionkey=5DGP7gv1vXNaK35rAxfIEi7256o%3D&name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXX%40123%26domain%3DBLR&_=1385447356899



--
This message was sent by Atlassian JIRA
(v6.1#6144)
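
The log extract quoted above carries the password in two encodings: percent-encoded inside the `url` parameter on the ApiServlet lines, and plain in the image store lifecycle line. The following is an added example, not CloudStack code and not the fix from the commit; it masks both forms and flags lines that still leak. The names `redact`, `find_leaks`, `MASK` and `SENSITIVE_KEYS` are hypothetical, and the sample lines are constructed.

```python
import re

MASK = "****"
# "password" is the key leaked in the log extract; add more keys as needed.
# All names in this block are hypothetical, chosen for illustration.
SENSITIVE_KEYS = ("password",)
_KEYS = "|".join(re.escape(k) for k in SENSITIVE_KEYS)

# Plain form, e.g. ...?user=u&password=VALUE&domain=d
_PLAIN = re.compile(r"(?i)(?<![A-Za-z0-9_])(" + _KEYS + r")=([^&\s]+)")
# Percent-encoded form nested in another parameter (url=cifs%3A...): the key
# follows an encoded '?' or '&' and the value ends at the next encoded '&'.
_ENCODED = re.compile(r"(?i)(?<=%3F|%26)(" + _KEYS + r")%3D((?:(?!%26)[^&\s])+)")

# Constructed sample lines modelled on the extract above (all values made up).
SAMPLE = [
    "DEBUG [c.c.a.ApiServlet] ===START=== GET command=addImageStore&name=SS1"
    "&url=cifs%3A%2F%2F192.0.2.10%2Fshare%3Fuser%3Dalice%26password%3DS3cret%401%26domain%3DLAB&_=1",
    "INFO [o.a.c.s.d.l.CloudStackImageStoreLifeCycleImpl] Trying to add a new data store at "
    "cifs://192.0.2.10/share?user=alice&password=S3cret@1&domain=LAB to data center 1",
    "DEBUG [c.c.u.UriUtils] foundPswd istrue",
]


def redact(line):
    """Return line with sensitive query values masked in both encodings."""
    line = _ENCODED.sub(lambda m: m.group(1) + "%3D" + MASK, line)
    return _PLAIN.sub(lambda m: m.group(1) + "=" + MASK, line)


def _leaked(pattern, line):
    # A match whose value is already the mask is not a leak.
    return any(m.group(2) != MASK for m in pattern.finditer(line))


def find_leaks(lines):
    """Return (line_number, form) for each line that still carries a secret."""
    hits = []
    for n, line in enumerate(lines, 1):
        if _leaked(_ENCODED, line):
            hits.append((n, "encoded"))
        elif _leaked(_PLAIN, line):
            hits.append((n, "plain"))
    return hits


if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(redact(sample_line))
```

Scrubbing of this kind belongs at the point where the message is built, before it reaches the logger; `find_leaks` is the same matching turned into a check that can run over existing log files.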
