CLOUDSTACK-10424:Potential sensitive information disclosure #4537
CLOUDSTACK-10424:Potential sensitive information disclosure #4537lujiefsi wants to merge 2 commits into
Conversation
|
@blueorangutan package |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✔centos7 ✔centos8 ✔debian. JID-2487 |
|
@blueorangutan test |
|
@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
|
Trillian test result (tid-3344)
|
Hum, I give this patch for two reasons:
I know current change is bad for debugging, but i still think the sensitive information is more important, and in this case, password is not usefull to debug. In order to make the log be useful to debug, i will change the patch as: this change will give more details about the job. |
|
When trace logs are enabled, you'll even see SQL queries in the logs. Trace is supposed to show sensitive information and used for investigation/debugging when normal logs have failed and isn't enabled by default. I agree with Daan, -1. |
OK, but I still think we should document this to tell sysadmin that sensitive information are logged and need carefully handle. |
|
@lujiefsi I thank you for your diligence and I can live with sanitised logs and I agree that a password is only useful when debugging the authentication. There are many things wrong with our logging and passwords being logged for the wrong reasons is one of them. If this change suits your need, i wont block it. cc @rhtyd |
|
I still don't agree, we don't enable trace logs in production unless we're investigating something. It may be a useful property to see unmasked/unsanitised data. Instead if there's any specific VO or job or command parameter that shouldn't be logged, it should be fixed there than a general fix; for example explicit log off annoation for a command can be done like this: https://github.com/apache/cloudstack/blob/master/core/src/main/java/org/apache/cloudstack/ca/SetupKeyStoreCommand.java#L31 Let's revisit this towards 4.16. |
It looks like a good solution! |
|
Hi, the PR got auto-closed due to no known source repository or some other Github-specific issue during the recent renaming of the default branch to |
Description
This PR fixing CLOUDSTACK-10424
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity