Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: 2.9 GA
Component/s: System
Labels:
- gss-prioritized
- support

Blocked:
False
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Hierarchy Progress:
0
Hierarchy Progress Bar:

0% 0%
Release Note Text:
Undefined

SFDC Cases Links:
SFDC Cases Counter:

Description

The request is to avoid logging access tokens.
Currently when an API request that contains an access token is performed, system logs the access token.

e.g.:

access_token in query param

Started GET "/admin/api/accounts.xml?access_token=cc04c2c0ff5c77b080bbc27541350134332e7c7afa05aeb8921697bb0e82c872&page=1&per_page=500" for 192.168.130.1 at 2021-03-30 12:42:29 +0000
Processing by Admin::Api::AccountsController#index as XML
  Parameters: {"access_token"=>"cc04c2c0ff5c77b080bbc27541350134332e7c7afa05aeb8921697bb0e82c872", "page"=>"1", "per_page"=>"500"}

access_token in body param

Started GET "/admin/api/accounts.xml?page=1&per_page=500" for 192.168.130.1 at 2021-03-30 12:41:43 +0000
Processing by Admin::Api::AccountsController#index as XML
  Parameters: {"access_token"=>"cc04c2c0ff5c77b080bbc27541350134332e7c7afa05aeb8921697bb0e82c872", "page"=>"1", "per_page"=>"500", "account"=>{"access_token"=>"cc04c2c0ff5c77b080bbc27541350134332e7c7afa05aeb8921697bb0e82c872"}}

Attachments

Issue Links

is incorporated by

THREESCALE-5442 Mask keys and Access Tokens in the logs on System

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Samuele Illuminati (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021/03/30 8:48 AM

Updated:: 2021/10/24 5:51 AM

Resolved:: 2021/04/01 5:37 AM