[freeipa PR#3677][opened] Don't log host passwords when they are set/modified
by rcritten
URL: https://github.com/freeipa/freeipa/pull/3677
Author: rcritten
Title: #3677: Don't log host passwords when they are set/modified
Action: opened
PR body:
"""
The host password was defined as a Str type so would be
logged in cleartext in the Apache log.
A new class, HostPassword, was defined to only override
safe_value() so it always returns an obfuscated value.
The Password class cannot be used because it has special treatment
in the frontend to manage prompting and specifically doesn't
allow a value to be passed into it. This breaks backwards
compatibility with older clients. Since this class is derived
from Str old clients treat it as a plain string value.
https://pagure.io/freeipa/issue/8017
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3677/head:pr3677
git checkout pr3677
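
Added example, not code from the PR or from FreeIPA: a minimal Python model of the approach the PR body describes, where a Str subclass overrides safe_value() so the logged form is always masked while the value is still accepted from the caller as a plain string. The Command class, its log_line() helper, the parameter names and the sample values are assumptions made up for illustration.

```python
import logging

MASK = "********"


class Str:
    """Plain string parameter: the logged form is the value itself."""
    def __init__(self, name):
        self.name = name

    def safe_value(self, value):
        return value


class HostPassword(Str):
    """Still a Str, so callers may pass a value; only the logged form changes."""
    def safe_value(self, value):
        return MASK


class Command:
    """Hypothetical command that logs its arguments before running."""
    def __init__(self, name, *params):
        self.name = name
        self.params = {p.name: p for p in params}
        self.log = logging.getLogger("example.rpc")

    def log_line(self, **options):
        # Each value passes through its parameter's safe_value() before it
        # reaches the log; options with no declared parameter are masked.
        parts = []
        for key, value in sorted(options.items()):
            param = self.params.get(key)
            shown = param.safe_value(value) if param else MASK
            parts.append(f"{key}={shown!r}")
        return f"{self.name}({', '.join(parts)})"

    def __call__(self, **options):
        self.log.info(self.log_line(**options))
        return options  # the unmasked value still reaches the command body


# Constructed sample input: command, host name and secret are made up.
SECRET = "constructed-otp-value"
ARGS = {"fqdn": "client1.example.test", "password": SECRET}
before = Command("host_mod", Str("fqdn"), Str("password"))
after = Command("host_mod", Str("fqdn"), HostPassword("password"))

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    before(**ARGS)  # log line contains the secret
    after(**ARGS)   # log line contains ******** instead
```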