Project

Profile

Help

Task #8202

Make sensitive fields write_only and stop filtering on them

Added by daviddavis 2 months ago. Updated 30 days ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
GalaxyNG
Sprint:
Sprint 91
Quarter:

Description

Make these fields write_only=True

  • username
  • password
  • proxy_username
  • proxy_password
  • client_key

Filter implications

To not leak data we can no longer offer filtering of these fields. The FilterSet needs to be adjusted with this work to disinclude these fields.

Update the docs

There are scary banners that say that Pulp is unsafe to use because it returns this kind of data in the responses. The banners should still exist, but they should no longer give examples of username and password becase that is no longer in the API. It should say instead that it could read data from objects from other users (or something like that).


Related issues

Blocks Pulp - Story #8192: As a user, I can rest easy with all sensitive credentials in the database encrypted at restNEW

<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision b5e49a32 View on GitHub
Added by daviddavis about 1 month ago

Make sensitive Remote fields write_only

fixes #8202

History

#1 Updated by daviddavis 2 months ago

  • Tracker changed from Issue to Task
  • % Done set to 0
  • Severity deleted (2. Medium)
  • Triaged deleted (No)

#2 Updated by daviddavis 2 months ago

  • Sprint/Milestone set to 3.11.0

#3 Updated by bmbouter 2 months ago

  • Blocks Story #8192: As a user, I can rest easy with all sensitive credentials in the database encrypted at rest added

#4 Updated by bmbouter 2 months ago

  • Subject changed from Make sensitive fields write_only to Make sensitive fields write_only and stop filtering on them
  • Description updated (diff)

#6 Updated by bmbouter 2 months ago

  • Description updated (diff)

notes from the original posting:

Potentially needing to be write_only

bmbouter's recommendations

  • username - yes because this can be significant
  • password - yes, definitely
  • proxy_url - no, but it's debatable. Users could set username/password in this. Perhaps we could have the validation disable users from doing that. That would be good. Being able to read back the proxy_url is important for users I think.
  • proxy_username - yes because this can be significant
  • proxy_password - yes, definitly
  • client_cert - no, certs aren't useful without the key
  • client_key - yes, definitly

#7 Updated by bmbouter about 2 months ago

  • Tags GalaxyNG added

#8 Updated by daviddavis about 2 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to daviddavis

#9 Updated by ipanova@redhat.com about 2 months ago

  • Sprint set to Sprint 91

#10 Updated by pulpbot about 1 month ago

  • Status changed from ASSIGNED to POST

#11 Updated by daviddavis about 1 month ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#12 Updated by ipanova@redhat.com 30 days ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF