cloudstack-issues mailing list archives

From "Sowmya Krishnan (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (CLOUDSTACK-5355) addImageStore should not log password in clear text in the log
Date Wed, 05 Mar 2014 04:37:42 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-5355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sowmya Krishnan closed CLOUDSTACK-5355.
---------------------------------------


Verified with cifs

> addImageStore should not log password in clear text in the log
> --------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5355
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5355
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>    Affects Versions: 4.2.0
>            Reporter: Sowmya Krishnan
>            Assignee: Min Chen
>            Priority: Critical
>             Fix For: 4.3.0
>
>
> For cifs, addImageStore is currently logging everything including username, password and domain in clear text in the logs, which are specified in query parameter url for the image store.
> Here's an extract from the logs: (obscured actual pwd)
> 2013-11-26 12:03:35,703 DEBUG [c.c.a.ApiServlet] (catalina-exec-13:ctx-f0723f52) ===START=== 10.104.255.45 – GET command=addImageStore&response=json&sessionkey=5DGP7gv1vXNaK35rAxfIEi7256o%3D&name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXXXX%40123%26domain%3DBLR&_=1385447356899
> 2013-11-26 12:03:35,741 INFO [o.a.c.s.d.l.CloudStackImageStoreLifeCycleImpl] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) Trying to add a new data store at cifs://10.102.192.150/SMB-Share/sowmya/secondary?user=sowmya&password=XXX@123&domain=BLR to data center 1
> 2013-11-26 12:03:35,776 DEBUG [c.c.u.UriUtils] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) foundUser istrue
> 2013-11-26 12:03:35,777 DEBUG [c.c.u.UriUtils] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) foundPswd istrue
> 2013-11-26 12:03:36,011 DEBUG [c.c.a.ApiServlet] (catalina-exec-13:ctx-f0723f52 ctx-547cfc1f) ===END=== 10.104.255.45 – GET command=addImageStore&response=json&sessionkey=5DGP7gv1vXNaK35rAxfIEi7256o%3D&name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXX%40123%26domain%3DBLR&_=1385447356899



--
This message was sent by Atlassian JIRA
(v6.2#6252)
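
An added example, not part of the original message and not CloudStack's actual fix: one way to mask the password in both shapes seen in the log extract above, the decoded `password=` form of the INFO line and the percent-encoded `password%3D` form nested inside the `url` query parameter. The class name `LogRedactor` and the sample lines are constructed for illustration.

```java
import java.util.regex.Pattern;

/** Hypothetical helper (not CloudStack code): masks password values in a log line. */
public class LogRedactor {
    // Decoded form, as in the INFO line: password=<value>, ending at '&' or whitespace.
    private static final Pattern PLAIN =
            Pattern.compile("(?i)(password=)[^&\\s]*");

    // Nested form, as in the ApiServlet lines: the storage URL is percent-encoded
    // inside the API query string, so '=' is %3D and the inner '&' is %26.
    private static final Pattern NESTED =
            Pattern.compile("(?i)(password%3D)(?:(?!%26)[^&\\s])*");

    /** Returns the line with every password value replaced by a fixed mask. */
    public static String redact(String line) {
        String out = NESTED.matcher(line).replaceAll("$1****");
        return PLAIN.matcher(out).replaceAll("$1****");
    }

    public static void main(String[] args) {
        // Constructed sample lines modelled on the two shapes in the report;
        // addresses, names and the password are made up.
        String[] samples = {
            "DEBUG [c.c.a.ApiServlet] ===START=== 192.0.2.10 -- GET command=addImageStore"
                + "&provider=SMB&url=cifs%3A%2F%2F192.0.2.20%2Fshare%3Fuser%3Dalice"
                + "%26password%3DExample%40123%26domain%3DLAB&_=1",
            "INFO Trying to add a new data store at "
                + "cifs://192.0.2.20/share?user=alice&password=Example@123&domain=LAB"
                + " to data center 1"
        };
        for (String s : samples) {
            String r = redact(s);
            if (r.contains("Example")) throw new IllegalStateException("password leaked");
            System.out.println(r);
        }
    }
}
```

Masking at the logger is a backstop: a decoded password that itself contains `&` cannot be delimited reliably, so stripping the credential from the URL before it reaches any log call is the sturdier fix.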
