the HttpServer and RestHandler should make an effort to mask password info when logging #1086

Closed
davidnich opened this Issue Jul 20, 2016 · 0 comments

davidnich commented Jul 20, 2016

ex:

2016.07.20 21:09:48.345078 T70: HTTP "qorus-0" (ipv6[::]:8001): cid 16476 src "ipv6[::1]": PUT /api/login HTTP/1.1 (agent: "Qore-DataStreamClient/1.0" body: '{user: "1s", pass: "2s"}\n' (25b) Content-Type: "text/x-yaml;charset=UTF-8")
2016.07.20 21:10:11.542802 T21: HTTP "qorus-0" (ipv6[::]:8001): cid 16485 src "ipv6[::1]": PUT /api/login?user=1s;pass=2s HTTP/1.1 (agent: "Qore-DataStreamClient/1.0" Content-Type: "text/x-yaml;charset=utf8")
2016.07.20 21:35:11.210956 T170: REST DBG: body: {user: "1s", pass: "2s"}
2016.07.20 21:34:44.744408 T85: REST DBG: class "login": dispatching method "put" args: {user: "1s", pass: "2s"}
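
The log lines above expose the password in three forms: a YAML-style message body, a URI query string using `;` as a separator, and REST debug output. The Python below is an added example, not the Qore project's implementation, that masks values in those forms; the key list, the `<masked>` marker and the function names are assumptions.

```python
import re

# Assumed list of sensitive key names; the issue's log lines only show "pass".
SENSITIVE_KEYS = ("password", "passwd", "pass")
MASK = "<masked>"  # fixed-width mask, so the password length is not logged either

# The key must not be the tail of a longer word (e.g. "bypass").
_KEY = r"(?<![A-Za-z0-9_])(?:%s)" % "|".join(SENSITIVE_KEYS)

# key: "value", key: 'value', "key": "value" or key: bare_value (YAML/JSON-style bodies)
_BODY = re.compile(
    r"(" + _KEY + r"""["']?\s*:\s*)("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[^\s,}\]"']+)""",
    re.IGNORECASE,
)
# key=value in a URI query or form body; '&' and ';' both separate parameters
_QUERY = re.compile(r"(" + _KEY + r"""=)[^&;\s"']+""", re.IGNORECASE)


def _mask_body(m):
    """Replace the value but keep the original quoting style."""
    value = m.group(2)
    quote = value[0] if value[0] in "\"'" else ""
    return m.group(1) + quote + MASK + quote


def mask_log_line(line):
    """Return line with the values of sensitive keys replaced by MASK."""
    line = _BODY.sub(_mask_body, line)
    return _QUERY.sub(lambda m: m.group(1) + MASK, line)


# Abridged from the log lines quoted in the issue.
SAMPLES = [
    r"""PUT /api/login HTTP/1.1 (body: '{user: "1s", pass: "2s"}\n' (25b))""",
    "PUT /api/login?user=1s;pass=2s HTTP/1.1",
    'REST DBG: class "login": dispatching method "put" args: {user: "1s", pass: "2s"}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(mask_log_line(sample))
```

Masking of this kind is best applied at the single point where the message is formatted for the log, so that the HTTP request line, the body dump and the REST debug output all pass through it.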

@davidnich davidnich added the bug label Jul 20, 2016

@davidnich davidnich added this to the 0.8.13 milestone Jul 20, 2016

@davidnich davidnich self-assigned this Jul 20, 2016

davidnich added a commit that referenced this issue Jul 20, 2016

pavelkveton added a commit that referenced this issue Jul 20, 2016

Merge pull request #1087 from qorelanguage/bugfix/1086_http_rest_pass…
…word_masking

refs #1086 added logic to attempt to mask passwords in log messages i…

@tethal tethal added the fixed label Jul 21, 2016

@tethal tethal closed this Jul 21, 2016

davidnich added a commit that referenced this issue Jul 23, 2016

refs #1086 improved password masking; covers XML-RPC encoding in mess…
…age bodies, targeted masking in YAML output (%y sprintf formatting), added masking to debug log messages for REST API calls with an invalid HTTP method

tethal added a commit that referenced this issue Jul 23, 2016

Merge pull request #1094 from qorelanguage/bugfix/1086_http_rest_pass…
…word_masking

refs #1086 improved password masking; covers XML-RPC encoding in mess…

@davidnich davidnich added the not-c++ label May 19, 2017

davidnich added a commit that referenced this issue May 19, 2017

omusil24 added a commit that referenced this issue May 21, 2017

Merge pull request #1873 from qorelanguage/bugfix/1086_better_masking
refs #1086 better HTTP masking implementation for sensitive data; bet…

davidnich added a commit that referenced this issue May 25, 2017

omusil24 added a commit that referenced this issue May 26, 2017

Merge pull request #1892 from qorelanguage/bugfix/1086_http_masking
refs #1086 removed non-Qore masking logic from HttpServerUtil; made a…