Skip to content

/ install-script

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rhigdon updates merge and obfuscate #29

Merged
merged 2 commits into from Aug 31, 2013
Merged

Rhigdon updates merge and obfuscate #29

merged 2 commits into from Aug 31, 2013

Conversation

@rhigdon
Copy link
Contributor

@rhigdon rhigdon commented Aug 31, 2013

No description provided.

rhigdon added 2 commits Aug 30, 2013
@rhigdon
obfuscate the auth token
9a38591
@rhigdon
update to give us a configurable domain
0b9eb2c
configure-syslog.py
@@ -94,7 +94,7 @@

_LOG_SOCKET = None
OUR_PROGNAME = "configure-syslog"
LOGGLY_AUTH_TOKEN = "f5b38b8c-ed99-11e2-8ee8-3c07541ea376"
LOGGLY_AUTH_TOKEN = "MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw"

This comment has been minimized.

Sign in to view
@ivangonekrazy

ivangonekrazy Aug 31, 2013
Contributor

https://configsyslog.gen2.loggly.com/tokens doesn't seem to have this token. Do we want to encode 1ec4e8e1-fbb2-47e7-929b-75a1bff5ffe0 instead?

This comment has been minimized.

Sign in to view
@ivangonekrazy

ivangonekrazy Aug 31, 2013
Contributor

verified the actual token is encoded in there.

This comment has been minimized.

Sign in to view
@vinhn

vinhn Aug 31, 2013

Why obfuscate? If the customer configured this by hand, they'd need to see the raw auth token (which they'd own), and configure using the raw value.

By obfuscating it here, I'm sure a user will wonder if they need to do the same if configuring things manually.

Same thing in examples on how to post events via HTTP. Those examples must show the raw auth token. So we should be consistent here.

On Aug 30, 2013, at 6:41 PM, Ivan Tam notifications@github.com wrote:

In configure-syslog.py:

@@ -94,7 +94,7 @@

_LOG_SOCKET = None
OUR_PROGNAME = "configure-syslog"
-LOGGLY_AUTH_TOKEN = "f5b38b8c-ed99-11e2-8ee8-3c07541ea376"
+LOGGLY_AUTH_TOKEN = "MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw"
https://configsyslog.gen2.loggly.com/tokens doesn't seem to have this token. Do we want to encode 1ec4e8e1-fbb2-47e7-929b-75a1bff5ffe0 instead?


Reply to this email directly or view it on GitHub.
ivangonekrazy added a commit that referenced this pull request Aug 31, 2013
@ivangonekrazy
Merge pull request #29 from rhigdon/rhigdon-updates-merge-and-obfuscate
9fc918b 
Rhigdon updates merge and obfuscate
@ivangonekrazy ivangonekrazy merged commit 9fc918b into loggly:master Aug 31, 2013
@MichaelBlume
Copy link
Contributor

@MichaelBlume MichaelBlume commented Aug 31, 2013

What do we think this is buying us? It's easy to see at a glance how we extract the proper auth token. I think this hurts maintainability and, frankly, makes us look silly, for no real security upside.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
@rhigdon @MichaelBlume @ivangonekrazy @vinhn
You can’t perform that action at this time.