81fd509350
Without this patch, if a token fails to decrypt, the token string is logged at the WARNING level, which means the majority of deployments will log it. Since keystone tokens are bearer tokens, logging it to disk is a security risk. Of course the reason for the log is that the token is invalid, and so it can't be used as-is to gain access, but the token might be *almost* valid: for example, it might be a token that the user had intended to use on a different keystone instance, or it might be a truncated token such that the last few characters could be guessed. Since the encrypted token is nearly useless to an operator for debugging, stop logging the token string and just emit a generic warning. Change-Id: Id05b506327d22e42b2da3b1a38d8237cbf7786a8 |
||
---|---|---|
.. | ||
common | ||
functional | ||
hacking | ||
unit | ||
__init__.py |