New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dscreate and dsconf print DM's password in verbose mode #3310
Comments
Comment from mhonek (@kenoh) at 2019-02-28 16:35:26 Metadata Update from @kenoh:
|
Comment from firstyear (@Firstyear) at 2019-03-01 02:56:07 So I think a way to fix this could be in DSLdapObject inside the set function, we can say "if field in " then we display ***** instead - but in DEBUGGING=True maybe we still display it? |
Comment from mhonek (@kenoh) at 2019-03-01 10:56:12 I'm thinking of having a class variable |
Comment from firstyear (@Firstyear) at 2019-03-04 02:10:11 @kenoh I think this seems like a good approach. I would have done the same, have a class variable of that signature, and then to use it to filter or replace the content with **** or similar. |
Comment from mreynolds (@mreynolds389) at 2019-05-13 17:49:53 Metadata Update from @mreynolds389:
|
Comment from mreynolds (@mreynolds389) at 2019-05-13 18:05:35 Please review... |
Comment from mreynolds (@mreynolds389) at 2019-05-13 18:05:36 Metadata Update from @mreynolds389:
|
Comment from mhonek (@kenoh) at 2019-05-14 12:49:48 One thing I thought I put down but seemingly haven't, was that in the simplest implementation case, we should have a method, e.g. def display_attr_value(self, attr, value, hide_sesitive=True):
if DEBUGGING or hide_sensitive:
return value
else:
if attr.lower() in self._sensitive_attributes:
return '********'
else:
return value |
Comment from firstyear (@Firstyear) at 2019-05-15 02:09:10 @kenoh Another option is to wrap / over-load the str/unicode method on the str we return. But that could be complex .... |
Comment from mreynolds (@mreynolds389) at 2019-05-16 19:45:02 commit 632ecb9 |
Comment from mreynolds (@mreynolds389) at 2019-05-16 19:45:02 Metadata Update from @mreynolds389:
|
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/50251
Issue Description
When dscreate is executed in verbose mode, it prints Directory Manager's password to stderr. The same happens with dsconf when I change the password.
Package Version and Platform
389-ds-base-1.4.0.19-2.
Steps to reproduce
Actual results
Expected results
Actual value should not be printed in the debug logs. Python logging module supports filters that should be used to redact sensitive information from the logs
The text was updated successfully, but these errors were encountered: