Project

General

Profile

Actions
Copy link

Bug #19044

closed

Do not send username into logs with every request

Added by Lukas Zapletal over 7 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Security
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/4418
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

From the security standpoint, this is unnecessary exposal of sensitive data. We should log database ID instead, it is still possible to pair these with usernames when needed.

We also expose this during login in Parameters Rails INFO log message, this patch will fix that as well.

Related issues 1 (0 open1 closed)

Related to Foreman - Feature #18949: Include information about current user when logginClosedIvan Necas03/17/2017Actions
Actions
Copy link
 #1

Updated by Lukas Zapletal over 7 years ago

  • Related to Feature #18949: Include information about current user when loggin added
Actions
Copy link
 #2

Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Lukas Zapletal
  • Pull request https://github.com/theforeman/foreman/pull/4418 added
Actions
Copy link
 #3

Updated by Dominic Cleal over 7 years ago

  • Status changed from Ready For Testing to Rejected

PR closed by author.

Actions
Copy link

Also available in: Atom PDF