[Openstack-security] [Bug 1708122] Re: Don't return back the sensitive information to user
Author: huangtianhua <huangtianhua at huawei.com>
Date: Thu Aug 3 11:56:11 2017 +0800
Don't return the sensitive information to user
We return sensitive information to the user
when some exceptions happen. For example,
when a DBError happens, we return the whole SQL
statement to the user, which is not safe.

This patch changes this to return the message if the
exception is a HeatException; otherwise the message
won't be revealed to the user.
** Changed in: heat
Status: In Progress => Fix Released
Don't return back the sensitive information to user
Status in OpenStack Heat:
Status in OpenStack Security Advisory:
We return sensitive information to the user when some exceptions happen. For example, when a DBError happens, we return the whole SQL statement to the user, which is not safe. We also return the traceback to the user, which is not necessary.
Maybe we can do the same thing as nova and cinder and add a 'safe' attribute to some exceptions to decide whether to return information such as the error message details to the user.
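The "safe" attribute idea from the bug report, as an added example (not code from Heat, nova or cinder): only exceptions explicitly marked safe expose their message, and everything else is logged server-side under a reference id. The class names, `to_fault`, the logger name and the sample errors are hypothetical and constructed for illustration.

```python
import logging
import uuid

LOG = logging.getLogger("api.fault")  # hypothetical logger name


class AppException(Exception):
    """Hypothetical base class for errors whose text is written for users."""
    safe = True
    code = 400


class StackNotFound(AppException):
    code = 404


class DBError(Exception):
    """Stand-in for a database-layer error; its text embeds the SQL statement."""


def to_fault(exc):
    """Build the error body returned to the API caller.

    Only exceptions marked safe expose their message. Anything else gets a
    generic message plus a reference id; the detail goes to the server log.
    """
    if getattr(exc, "safe", False):
        return {"code": exc.code, "type": type(exc).__name__,
                "message": str(exc)}
    ref = uuid.uuid4().hex
    # Full detail (message and traceback, if any) stays on the server.
    LOG.error("unhandled error ref=%s", ref,
              exc_info=(type(exc), exc, exc.__traceback__))
    return {"code": 500, "type": "InternalServerError",
            "message": "The server encountered an internal error. "
                       "Reference: %s" % ref}


# Constructed sample errors, not taken from Heat.
SAFE_ERROR = StackNotFound("The Stack (demo) could not be found.")
UNSAFE_ERROR = DBError(
    "(OperationalError) INSERT INTO raw_template (template) "
    "VALUES ('admin_pass: s3cret')")

if __name__ == "__main__":
    print(to_fault(SAFE_ERROR))
    print(to_fault(UNSAFE_ERROR))
```

The reference id lets an operator match a user's report to the logged SQL statement and traceback without either appearing in the API response.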