Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Can't Do
Priority: Major
Fix Version/s: None
Affects Version/s: 2.11.1 GA
Component/s: Gateway
Labels:
- support

Blocked:
False
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Hierarchy Progress:
0
Hierarchy Progress Bar:

0% 0%

SFDC Cases Links:
SFDC Cases Counter:

Description

Currently the INFO log level reveals sensitive credentials even if they are passed in the request as headers, for example:

[info] 29#29: *149565 [lua] proxy.lua:82: output_debug_headers(): usage: usage%5Btest%5D=1 credentials: app_key=abcdefg123456&app_id=a1b2d3, client: 10.10.10.10, server: _, request: "GET /some/path HTTP/1.1", host: "some.host"

[info] 29#29: *149565 [lua] backend_client.lua:133: call_backend_transaction(): backend client uri: https://backend.test/transactions/authrep.xml?service_id=4&service_token=abcdefg&usage%5Btest%5D=1&app_key=abcdefghi1234567&app_id=0123abcd ok: true status: 200 body:  error: nil, client: 10.10.10.10, server: _, request: "GET /some/path HTTP/1.1", host: "some.host"

The request is to only show such information when the log level is configured to debug

Attachments

Issue Links

is related to

THREESCALE-2005 Ability to mask keys in the logs

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Samuele Illuminati (Inactive)

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2022/02/16 5:06 PM

Updated:: 2023/04/12 10:02 AM

Resolved:: 2023/04/12 10:02 AM