[Inteproxy-commits] r180 - in trunk: . inteproxy
scm-commit@wald.intevation.org
Fri Nov 28 16:02:16 CET 2008
Author: bh
Date: 2008-11-28 16:02:15 +0100 (Fri, 28 Nov 2008)
New Revision: 180
Modified:
trunk/ChangeLog
trunk/inteproxy/httpmessage.py
Log:
* inteproxy/httpmessage.py (HTTPMessage.debug_log_message): Avoid
writing authorization credentials into log files
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2008-11-26 16:44:54 UTC (rev 179)
+++ trunk/ChangeLog 2008-11-28 15:02:15 UTC (rev 180)
@@ -1,3 +1,8 @@
+2008-11-28 Bernhard Herzog <bh at intevation.de>
+
+ * inteproxy/httpmessage.py (HTTPMessage.debug_log_message): Avoid
+ writing authorization credentials into log files
+
2008-11-26 Bernhard Herzog <bh at intevation.de>
* inteproxy/proxycore.py
Modified: trunk/inteproxy/httpmessage.py
===================================================================
--- trunk/inteproxy/httpmessage.py 2008-11-26 16:44:54 UTC (rev 179)
+++ trunk/inteproxy/httpmessage.py 2008-11-28 15:02:15 UTC (rev 180)
@@ -40,7 +40,15 @@
def debug_log_message(self, log_function):
for header, value in self.headers.items():
- log_function("header: %s:%r", header, value)
+ note = ""
+ if header.lower() in ("authorization", "proxy-authorization"):
+ # The values of authorization headers may contain
+ # passwords that are only base64 encoded but not
+ # encrypted. To avoid leaking sensitive information to
+ # logfiles, remove such information in the debug output
+ value = value.split()[0]
+ note = " [value shortened in debug output]"
+ log_function("header: %s:%r%s", header, value, note)
if self.body_has_been_read():
if self._body:
log_function("body: %r", self._body)
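Review bot: value.split()[0] in the new authorization branch raises IndexError when the header value is empty or contains only whitespace, so a malformed Authorization or Proxy-Authorization header would make debug_log_message fail instead of logging. Splitting once into a list and using its first element only when the list is non-empty (falling back to an empty string) avoids that. The first whitespace-separated token is the scheme name only when the value has the form "scheme credentials"; a value with no whitespace at all is still logged whole, so the comment should state that assumption, or the code should drop the value entirely when there is no second token. Note also that the unchanged "body: %r" line below still writes the full body, and the tuple covers only these two header names, so credentials carried in a request body or in other headers such as Cookie still reach the debug log.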