Rhigdon updates merge and obfuscate#29
Conversation
configure-syslog.py
Outdated
There was a problem hiding this comment.
https://configsyslog.gen2.loggly.com/tokens doesn't seem to have this token. Do we want to encode 1ec4e8e1-fbb2-47e7-929b-75a1bff5ffe0 instead?
There was a problem hiding this comment.
verified the actual token is encoded in there.
There was a problem hiding this comment.
Why obfuscate? If the customer configured this by hand, they'd need to see the raw auth token (which they'd own), and configure using the raw value.
By obfuscating it here, I'm sure a user will wonder if they need to do the same if configuring things manually.
Same thing in examples on how to post events via HTTP. Those examples must show the raw auth token. So we should be consistent here.
On Aug 30, 2013, at 6:41 PM, ♥ Ivan Tam ♥ notifications@github.com wrote:
In configure-syslog.py:
@@ -94,7 +94,7 @@
_LOG_SOCKET = None
OUR_PROGNAME = "configure-syslog"
-LOGGLY_AUTH_TOKEN = "f5b38b8c-ed99-11e2-8ee8-3c07541ea376"
+LOGGLY_AUTH_TOKEN = "MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw"
https://configsyslog.gen2.loggly.com/tokens doesn't seem to have this token. Do we want to encode 1ec4e8e1-fbb2-47e7-929b-75a1bff5ffe0 instead?—
Reply to this email directly or view it on GitHub.
Rhigdon updates merge and obfuscate
|
What do we think this is buying us? It's easy to see at a glance how we extract the proper auth token. I think this hurts maintainability and, frankly, makes us look silly, for no real security upside. |
4 participants
No description provided.