The proxy server will log valid temporary urls, that might be used to gain access to data by anyone with access to the logfiles. This is especially important with tempurls that are valid for extended
periods and/or when using central logging servers, accessed by operators that have no access to the Swift servers.
The proxy server will log valid temporary urls, that might be used to gain access to data by anyone with access to the logfiles. This is especially important with tempurls that are valid for extended
periods and/or when using central logging servers, accessed by operators that have no access to the Swift servers.
Example logentry:
Apr 24 13:25:16 localhost proxy-server[5849]: 127.0.0.1 127.0.0.1 24/Apr/ 2017/13/ 25/16 GET /v1/AUTH_ test/test/ something% 3Ftemp_ url_sig% 3D99e80d5578079 04d15c69f4ef85b ce42cfcd0bd5% 26temp_ url_expires% 3D1493041071 HTTP/1.0 401 - curl/7.51.0 - - 35 - tx01de01a8da5a4 052988bc- 0058fdfcbc - 0.0178 - - 1493040316. 148339987 1493040316. 166150093 -
I propose to trim the temp_url_sig, like we are already doing for tokens - see attached patch.