Jump to: navigation, search

Solum/Logging

< Solum
Revision as of 21:24, 9 December 2013 by Paul Montgomery (talk | contribs) (logging)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In order to prevent accidental leakage of confidential information to unauthorized Solum users, there are some guidelines to assist in isolating this confidential data for easy/accurate filtering on the back end log management tools:

  • Unless the developer is sure that an exception will never contain confidential information, exceptions should be identified as confidential. This has historically been especially problematic with database exceptions which may contain real field data.
  • Never log plain text passwords
  • Minimize Personally Identifiable Information (PII) logging where possible
  • Avoid logging local server state which may provide hints to attackers (examples: file paths, code file names, user account names)
  • If a user identifier (tenant/project ID) is not present in the log record or does not match the current authenticated user, do not show this log data to the user
Retrieved from "https://wiki.openstack.org/w/index.php?title=Solum/Logging&oldid=37785"