Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #4783 (closed)

Opened 8 years ago

Closed 8 years ago

Bug: OMEROweb debugging may print user password

Reported by: jamoore Owned by: atarkowska
Priority: critical Milestone: OMERO-Beta4.3
Component: Web Version: n.a.
Keywords: n.a. Cc: atarkowska, cneves
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2011-05-19 (12)

Description (last modified by atarkowska)

Wed, 23 Mar 2011 10:18:07 root         DEBUG    ADMINS = [] (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    APPLICATION_HOST = 'http://localhost:80/' (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    APPLICATION_SERVER = 'fastcgi-tcp' (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    APPLICATION_SERVER_HOST = '0.0.0.0' (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    APPLICATION_SERVER_PORT = '4080' (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    CACHE_BACKEND = '(unset)' (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    DEBUG = True (source:omero.web.debug)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    EMAIL_HOST = None (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    EMAIL_HOST_PASSWORD = None (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    EMAIL_HOST_USER = None (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    EMAIL_PORT = None (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    EMAIL_SUBJECT_PREFIX = '[OMERO.web] ' (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    EMAIL_USE_TLS = False (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    LOGDIR = '/OMERO/var/log' (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    SEND_BROKEN_LINK_EMAILS = True (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    SERVER_EMAIL = None (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    SERVER_LIST = [[u'localhost', 4064, u'omero']] (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    SESSION_ENGINE = 'django.contrib.sessions.backends.file' (source:default)
Wed, 23 Mar 2011 10:18:07 root         DEBUG    USE_EMAN2 = False (source:default)

This should also be backported to 4.2

Also if login failed:

Tue, 10 May 2011 08:01:05 webgateway   DEBUG    creating new connection with "S:" (False)
Tue, 10 May 2011 08:01:05 blitz_gateway DEBUG    Connect attempt, sUuid=None, group=None, self.sUuid=None
Tue, 10 May 2011 08:01:05 blitz_gateway INFO     BlitzGateway.connect().createSession(): Traceback (most recent call last):
  File "/Users/ola/Dev/omero/dist/lib/python/omero/gateway/__init__.py", line 1535, in connect
    self._createSession()
  File "/Users/ola/Dev/omero/dist/lib/python/omero/gateway/__init__.py", line 1440, in _createSession
    self._ic_props[omero.constants.PASSWORD])
  File "/Users/ola/Dev/omero/dist/lib/python/omero/clients.py", line 448, in createSession
    prx = self.getRouter(self.__ic).createSession(username, password, ctx)
  File "/opt/Ice-3.3/python/Glacier2_Router_ice.py", line 107, in createSession
    return _M_Glacier2.Router._op_createSession.invoke(self, ((userId, password), _ctx))
PermissionDeniedException: exception ::Glacier2::PermissionDeniedException
{
    reason = Password check failed
}

Tue, 10 May 2011 08:01:05 blitz_gateway DEBUG    {'omero.pass': 'foo', 'omero.user': 'ola'}

Change History (7)

comment:1 Changed 8 years ago by jmoore

  • Owner set to atarkowska

comment:2 Changed 8 years ago by atarkowska

  • Remaining Time set to 0.25
  • Sprint set to 2011-05-19 (12)

comment:3 Changed 8 years ago by atarkowska

  • Cc cneves-x added
  • Description modified (diff)

comment:4 Changed 8 years ago by Aleksandra Tarkowska <aleksandrat@…>

  • Remaining Time changed from 0.25 to 0
  • Resolution set to fixed
  • Status changed from new to closed

(In [be3d57636366f168160d0996e6c36c01a02ec8b0/ome.git] on branch develop) this fixes #4783

comment:5 Changed 8 years ago by Aleksandra Tarkowska <aleksandrat@…>

(In [42c75e51d1c3f671d98d6eca358a9eb4bb206aca/ome.git] on branch develop) this finalize remove printing password from the logfile, see #4783

comment:6 Changed 8 years ago by jmoore

  • Resolution fixed deleted
  • Status changed from closed to reopened
Mon, 30 May 2011 19:57:04 webgateway   INFO     getBlitzConnection(host=localhost, port=4064, ssl=False, username=root)
Mon, 30 May 2011 19:57:04 webgateway   DEBUG    p=omero, k=cuuid#1

comment:7 Changed 8 years ago by Aleksandra Tarkowska <aleksandrat@…>

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [75aba916d2046021920720557aeae3e5e74d981b/ome.git] on branch develop) this remove password from log, close #4783

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.92005 sec.)

We're Hiring!