Task #8202

closed

Make sensitive fields write_only and stop filtering on them

Added by daviddavis about 3 years ago. Updated about 3 years ago.

Status: CLOSED - CURRENTRELEASE
Priority: Normal
Category: -
% Done: 100%
Groomed: No
Sprint Candidate: No
Tags: GalaxyNG
Sprint: Sprint 91

Description

Make these fields write_only=True

  • username
  • password
  • proxy_username
  • proxy_password
  • client_key

Filter implications

To not leak data we can no longer offer filtering of these fields. The FilterSet needs to be adjusted with this work to disinclude these fields.

Update the docs

There are scary banners that say that Pulp is unsafe to use because it returns this kind of data in the responses. The banners should still exist, but they should no longer give examples of username and password because that is no longer in the API. It should say instead that it could read data from objects from other users (or something like that).


Related issues

Blocks Pulp - Story #8192: Add code to pulpcore that uses the db key to encrypt fields (CLOSED - CURRENTRELEASE)
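
Added example, not part of the original task and not Pulp's code: a pure-Python model of the point under "Filter implications", showing that a field hidden from responses still leaks through a filter, and that removing it from the filterable set closes the channel. The field names come from the task; `REMOTES`, `list_remotes`, `leaks_via_filter` and all values are hypothetical and constructed for illustration.

```python
# Field names are the ones listed in the task; everything else is constructed.
WRITE_ONLY = {"username", "password", "proxy_username", "proxy_password", "client_key"}

# Constructed sample records standing in for stored remotes.
REMOTES = [
    {"name": "remote-a", "url": "https://example.com/a/", "password": "constructed-secret-1"},
    {"name": "remote-b", "url": "https://example.com/b/", "password": "constructed-secret-2"},
]


def serialize(remote):
    """Response body: write-only fields are accepted on input but never returned."""
    return {k: v for k, v in remote.items() if k not in WRITE_ONLY}


def list_remotes(params, filterable):
    """Apply exact-match query filters, allowing only fields named in `filterable`."""
    unknown = set(params) - set(filterable)
    if unknown:
        raise ValueError(f"filtering not allowed on: {sorted(unknown)}")
    rows = [r for r in REMOTES if all(r.get(k) == v for k, v in params.items())]
    return [serialize(r) for r in rows]


# Before: the filter set still lists a write-only field.
FILTERS_BEFORE = {"name", "url", "password"}
# After: the filter set leaves out every write-only field.
FILTERS_AFTER = FILTERS_BEFORE - WRITE_ONLY


def leaks_via_filter(filterable):
    """True if filtering on a hidden field changes which rows come back."""
    try:
        hit = list_remotes({"password": "constructed-secret-1"}, filterable)
        miss = list_remotes({"password": "not-the-value"}, filterable)
    except ValueError:
        return False  # the filter is rejected, so nothing can be inferred
    # The password never appears in either response, yet the row set differs.
    return hit != miss


if __name__ == "__main__":
    print("before:", leaks_via_filter(FILTERS_BEFORE))
    print("after: ", leaks_via_filter(FILTERS_AFTER))
```

A check like `leaks_via_filter` can be kept as a regression test so that a write-only field cannot be re-added to a filter set unnoticed.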
