Barbican server discloses password and X-auth

Barbican server discloses SQL Connection String and X-auth token values via LOG.debug Change-Id: I76f608ef494052f0addb6fd652f13306a08fa1e8 Closes-Bug: #1567500
2016-04-07 08:07:40 -04:00 · 2016-04-07 08:07:40 -04:00 · 6c32622075
parent d3fcaf883c
commit 6c32622075
2 changed files with 2 additions and 4 deletions
--- a/barbican/api/middleware/context.py
+++ b/barbican/api/middleware/context.py
@ -62,8 +62,6 @@ class ContextMiddleware(BaseContextMiddleware):

        if req.headers.get('X-Identity-Status') == 'Confirmed':
            req.context = self._get_authenticated_context(req)
-            LOG.debug("==== Inserted barbican auth "
-                      "request context: %s ====", req.context.to_dict())
        elif CONF.allow_anonymous_access:
            req.context = self._get_anonymous_context()
            LOG.debug("==== Inserted barbican unauth "
--- a/barbican/model/repositories.py
+++ b/barbican/model/repositories.py
@ -91,7 +91,6 @@ def setup_database_engine_and_factory():
    global sa_logger, _SESSION_FACTORY, _ENGINE

    LOG.info('Setting up database engine and session factory')
-    LOG.debug('Sql connection = %s', CONF.sql_connection)
    if CONF.debug:
        sa_logger = logging.getLogger('sqlalchemy.engine')
        sa_logger.setLevel(logging.DEBUG)
@ -215,7 +214,8 @@ def is_db_connection_error(args):


 def _create_engine(connection, **engine_args):
-    LOG.debug("Sql connection: %s; Args: %s", connection, engine_args)
+    LOG.debug('Sql connection: please check "sql_connection" property in '
+              'barbican configuration file; Args: %s', engine_args)

    engine = sqlalchemy.create_engine(connection, **engine_args)