From 6c326220753dbd5ee5a74e7ebaca6343b35f7f69 Mon Sep 17 00:00:00 2001
From: Pan
Date: Thu, 7 Apr 2016 08:07:40 -0400
Subject: [PATCH] Barbican server discloses password and X-auth
Barbican server discloses SQL Connection String and X-auth token values via LOG.debug
Change-Id: I76f608ef494052f0addb6fd652f13306a08fa1e8
Closes-Bug: #1567500
---
 barbican/api/middleware/context.py | 2 --
 barbican/model/repositories.py | 4 ++--
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/barbican/api/middleware/context.py b/barbican/api/middleware/context.py
index 0d6a49b31..b53bcdbf2 100644
--- a/barbican/api/middleware/context.py
+++ b/barbican/api/middleware/context.py
@@ -62,8 +62,6 @@ class ContextMiddleware(BaseContextMiddleware):
 if req.headers.get('X-Identity-Status') == 'Confirmed':
 req.context = self._get_authenticated_context(req)
- LOG.debug("==== Inserted barbican auth "
- "request context: %s ====", req.context.to_dict())
 elif CONF.allow_anonymous_access:
 req.context = self._get_anonymous_context()
 LOG.debug("==== Inserted barbican unauth "
diff --git a/barbican/model/repositories.py b/barbican/model/repositories.py
index e787cec02..aff7041a8 100755
--- a/barbican/model/repositories.py
+++ b/barbican/model/repositories.py
@@ -91,7 +91,6 @@ def setup_database_engine_and_factory():
 global sa_logger, _SESSION_FACTORY, _ENGINE
 LOG.info('Setting up database engine and session factory')
- LOG.debug('Sql connection = %s', CONF.sql_connection)
 if CONF.debug:
 sa_logger = logging.getLogger('sqlalchemy.engine')
 sa_logger.setLevel(logging.DEBUG)
@@ -215,7 +214,8 @@ def is_db_connection_error(args):
 def _create_engine(connection, **engine_args):
- LOG.debug("Sql connection: %s; Args: %s", connection, engine_args)
+ LOG.debug('Sql connection: please check "sql_connection" property in '
+ 'barbican configuration file; Args: %s', engine_args)
 engine = sqlalchemy.create_engine(connection, **engine_args)
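Review bot: In `_create_engine`, the rewritten `LOG.debug` still writes `engine_args` verbatim, and the hunk does not show what callers put in it, so any credential-bearing option passed there (for example a `connect_args` dict) would keep reaching the debug log. The static "please check sql_connection" text also removes all diagnostic value; logging a redacted URL would keep the host and database name visible without the password, e.g. `LOG.debug("Sql connection: %r; Args: %s", sqlalchemy.engine.url.make_url(connection), engine_args)`. SQLAlchemy's URL repr masks the password as far as I know, but confirm that against the pinned version. A short comment above the call, `# Never log the raw connection string: it embeds the DB password.`, would keep the line from being reinstated later. The body of `_create_engine` continues past the end of the hunk.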