[Inteproxy-commits] r180 - in trunk: . inteproxy

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Nov 28 16:02:16 CET 2008


Author: bh
Date: 2008-11-28 16:02:15 +0100 (Fri, 28 Nov 2008)
New Revision: 180

Modified:
   trunk/ChangeLog
   trunk/inteproxy/httpmessage.py
Log:
* inteproxy/httpmessage.py (HTTPMessage.debug_log_message): Avoid
writing authorization credentials into log files


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2008-11-26 16:44:54 UTC (rev 179)
+++ trunk/ChangeLog	2008-11-28 15:02:15 UTC (rev 180)
@@ -1,3 +1,8 @@
+2008-11-28  Bernhard Herzog  <bh at intevation.de>
+
+	* inteproxy/httpmessage.py (HTTPMessage.debug_log_message): Avoid
+	writing authorization credentials into log files
+
 2008-11-26  Bernhard Herzog  <bh at intevation.de>
 
 	* inteproxy/proxycore.py

Modified: trunk/inteproxy/httpmessage.py
===================================================================
--- trunk/inteproxy/httpmessage.py	2008-11-26 16:44:54 UTC (rev 179)
+++ trunk/inteproxy/httpmessage.py	2008-11-28 15:02:15 UTC (rev 180)
@@ -40,7 +40,15 @@
 
     def debug_log_message(self, log_function):
         for header, value in self.headers.items():
-            log_function("header: %s:%r", header, value)
+            note = ""
+            if header.lower() in ("authorization", "proxy-authorization"):
+                # The values of authorization headers may contain
+                # passwords that are only base64 encoded but not
+                # encrypted.  To avoid leaking sensitive information to
+                # logfiles, remove such information in the debug output
+                value = value.split()[0]
+                note = " [value shortened in debug output]"
+            log_function("header: %s:%r%s", header, value, note)
         if self.body_has_been_read():
             if self._body:
                 log_function("body: %r", self._body)
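
Review bot: value.split()[0] in the new authorization branch assumes the header value is non-empty and has the form "scheme credentials". An empty or whitespace-only Authorization or Proxy-Authorization value makes split() return an empty list, so the index raises IndexError from inside the debug logging path. A value with no whitespace at all (a bare token with no scheme in front) is returned whole by split()[0], so it is still logged in full while the line claims " [value shortened in debug output]". Suggest splitting into parts first, logging parts[0] only when there is more than one part, and logging a fixed placeholder otherwise. Separately, the unchanged log_function("body: %r", self._body) line below still writes the complete body to the log, so credentials carried in a request body are not covered by this change.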


