Swift3

  1. Bug #1685798
  2. Comment #0

Comment 0 for bug 1685798

Revision history for this message
Christian Schwede (cschwede) wrote : Swift tempurl middleware reveals signatures in the logfiles

The proxy server will log valid temporary urls, that might be used to gain access to data by anyone with access to the logfiles. This is especially important with tempurls that are valid for extended
periods and/or when using central logging servers, accessed by operators that have no access to the Swift servers.

Example logentry:

 Apr 24 13:25:16 localhost proxy-server[5849]: 127.0.0.1 127.0.0.1 24/Apr/2017/13/25/16 GET /v1/AUTH_test/test/something%3Ftemp_url_sig%3D99e80d557807904d15c69f4ef85bce42cfcd0bd5%26temp_url_expires%3D1493041071 HTTP/1.0 401 - curl/7.51.0 - - 35 - tx01de01a8da5a4052988bc-0058fdfcbc - 0.0178 - - 1493040316.148339987 1493040316.166150093 -

I propose to trim the temp_url_sig, like we are already doing for tokens - see attached patch.