Project

Profile

Help

Issue #658

closed

DEBUG level logs database password

Added by bmbouter about 7 years ago. Updated about 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.6 Beta
Platform Release:
2.6.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Easy Fix, Pulp 2
Sprint:
Quarter:

Description

1. Enable log level DEBUG
2. Set username and password in [database] of server.conf
3. Restart all pulp services
4. Observe that the line that starts with 'Connection Arguments: ' contains 'password: aaaaaaaaa' where aaaaaaaaaaa is the password from step 2.

Expected behavior:
That the password key would be included in the output but the password would be marked the password would be replaced with a mask character like 'x' causing password to be 'xxxxxxxx' when logged.

+ This bug was cloned from Bugzilla Bug #1182279 +

Actions #1

Updated by bmbouter about 7 years ago

I believe this can be reproduced by running pulp_resource_manager or pulp_workers in the foreground. This should cause the initial logging to use stdout which should show the password.

+ This comment was cloned from Bugzilla #1182279 comment 1 +

Actions #3

Updated by ipanova@redhat.com about 7 years ago

actually this https://github.com/pulp/pulp/pull/1605

+ This comment was cloned from Bugzilla #1182279 comment 3 +

Actions #4

Updated by cduryee about 7 years ago

2.6.0-0.7.beta

+ This comment was cloned from Bugzilla #1182279 comment 4 +

Actions #5

Updated by igulina@redhat.com about 7 years ago

rpm -qa pulp-server

pulp-server-2.6.0-0.4.beta.fc20.noarch

journalctl --since "20 min ago" | grep 'Connection Arguments:'

journalctl --since "20 min ago" | grep 'Connection Arguments:'
Feb 19 16:17:09 ip-XXX pulp[18755]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:51 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:52 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}

yum upgrade
rpm -qa pulp-server

pulp-server-2.6.0-0.7.beta.fc20.noarch

restart all services

journalctl --since "40 min ago" | grep 'Connection Arguments:'

Feb 19 16:17:09 ip-XXX pulp[18755]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:51 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:52 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:34:58 ip-XXX pulp[31331]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:37:24 ip-XXX pulp[4878]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:37:40 ip-XXX pulp[5013]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}

And I believe that the number of stars shouldn't be the same as the number of characters in the pass. Let's see what will happen if to change the length of the pass

db.changeUserPassword("gena", "adminka")

exit

bye

vi /etc/pulp/server.conf

restart all services

journalctl --since "40 min ago" | grep 'Connection Arguments:'

Feb 19 16:17:09 ip-XXX pulp[18755]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:51 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:52 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:34:58 ip-XXX pulp[31331]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:37:24 ip-XXX pulp[4878]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:37:40 ip-XXX pulp[5013]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:46:46 ip-XXX pulp[5126]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:47:02 ip-XXX pulp[5261]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}

and there are still 5 stars! Nice! I also tried to set a shorter path, there are still 5 stars. Verified.

+ This comment was cloned from Bugzilla #1182279 comment 5 +

Actions #6

Updated by bmbouter about 7 years ago

  • Severity changed from High to 3. High
Actions #7

Updated by rbarlow about 7 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE
Actions #9

Updated by bmbouter about 3 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF