Issue #658
closedDEBUG level logs database password
Description
1. Enable log level DEBUG
2. Set username and password in [database] of server.conf
3. Restart all pulp services
4. Observe that the line that starts with 'Connection Arguments: ' contains 'password: aaaaaaaaa' where aaaaaaaaaaa is the password from step 2.
Expected behavior:
That the password key would be included in the output but the password would be marked the password would be replaced with a mask character like 'x' causing password to be 'xxxxxxxx' when logged.
+ This bug was cloned from Bugzilla Bug #1182279 +
Updated by bmbouter about 9 years ago
I believe this can be reproduced by running pulp_resource_manager or pulp_workers in the foreground. This should cause the initial logging to use stdout which should show the password.
+ This comment was cloned from Bugzilla #1182279 comment 1 +
Updated by ipanova@redhat.com about 9 years ago
https://github.com/pulp/pulp/pull/1603
+ This comment was cloned from Bugzilla #1182279 comment 2 +
Updated by ipanova@redhat.com about 9 years ago
actually this https://github.com/pulp/pulp/pull/1605
+ This comment was cloned from Bugzilla #1182279 comment 3 +
Updated by cduryee about 9 years ago
2.6.0-0.7.beta
+ This comment was cloned from Bugzilla #1182279 comment 4 +
Updated by igulina@redhat.com about 9 years ago
rpm -qa pulp-server
pulp-server-2.6.0-0.4.beta.fc20.noarch
journalctl --since "20 min ago" | grep 'Connection Arguments:'
journalctl --since "20 min ago" | grep 'Connection Arguments:'
Feb 19 16:17:09 ip-XXX pulp[18755]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:51 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:52 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
yum upgrade
rpm -qa pulp-server
pulp-server-2.6.0-0.7.beta.fc20.noarch
restart all services
journalctl --since "40 min ago" | grep 'Connection Arguments:'
Feb 19 16:17:09 ip-XXX pulp[18755]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:51 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:52 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:34:58 ip-XXX pulp[31331]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:37:24 ip-XXX pulp[4878]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:37:40 ip-XXX pulp[5013]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
And I believe that the number of stars shouldn't be the same as the number of characters in the pass. Let's see what will happen if to change the length of the pass
db.changeUserPassword("gena", "adminka")
exit
bye
vi /etc/pulp/server.conf
restart all services
journalctl --since "40 min ago" | grep 'Connection Arguments:'
Feb 19 16:17:09 ip-XXX pulp[18755]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:51 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:18:52 ip-XXX pulp[18889]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': 'admin', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:34:58 ip-XXX pulp[31331]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:37:24 ip-XXX pulp[4878]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:37:40 ip-XXX pulp[5013]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:46:46 ip-XXX pulp[5126]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
Feb 19 16:47:02 ip-XXX pulp[5261]: pulp.server.db.connection:DEBUG: Connection Arguments: {'username': 'gena', 'host': 'localhost', 'password': '*****', 'max_pool_size': 10, 'port': 27017}
and there are still 5 stars! Nice! I also tried to set a shorter path, there are still 5 stars. Verified.
+ This comment was cloned from Bugzilla #1182279 comment 5 +
Updated by rbarlow almost 9 years ago
- Status changed from 6 to CLOSED - CURRENTRELEASE