We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
This issue has been migrated from Redmine: https://dev.icinga.com/issues/10640
Created by sbancal on 2015-11-16 09:22:58 +00:00
Assignee: elippmann Status: Resolved (closed on 2016-02-23 14:45:03 +00:00) Target Version: 2.2.0 Last Update: 2016-02-23 14:45:03 +00:00 (in Redmine)
Hi,
Password hiding mechanism set by the protected_customvars works for 1st level variables, but not 2nd level :
Let's say a host config has this :
vars.mysql["fooo"] = { mysql_user = "fooo123" mysql_password = host_mysql_fooo123 mysql_database = "fooo" }
mysql_password is directly readable on icingaweb2.
If I declare the password this way (which is not possible in our context) :
vars.mysql_password = host_mysql_fooo123
Then the password is substitued with ***** on icingaweb2.
/etc/icingaweb2/config.ini contains : [security] protected_customvars = "pw,pass,community"
Versions : icinga2 2.3.11-1ppa1trusty1 icingaweb2 2.0.0-1~ppa1
Changesets
2016-01-22 17:37:27 +00:00 by aklimov 7bc489b
MonitoredObject: obfuscate custom variables recursively refs #10640
2016-02-23 09:54:47 +00:00 by elippmann acd2ef7
monitoring: Fix PHPDoc of MonitoredObject::obfuscateCustomVars() refs #10640
2016-02-23 14:40:27 +00:00 by elippmann bb8478a
Merge branch 'bugfix/passwords-not-hidden-by-icinga-web-2-10640' fixes #10640
The text was updated successfully, but these errors were encountered:
Updated by aklimov on 2016-01-22 17:39:55 +00:00
Sorry, something went wrong.
Updated by elippmann on 2016-02-17 16:55:58 +00:00
Updated by elippmann on 2016-02-23 14:45:03 +00:00
Applied in changeset bb8478a.
No branches or pull requests
This issue has been migrated from Redmine: https://dev.icinga.com/issues/10640
Created by sbancal on 2015-11-16 09:22:58 +00:00
Assignee: elippmann
Status: Resolved (closed on 2016-02-23 14:45:03 +00:00)
Target Version: 2.2.0
Last Update: 2016-02-23 14:45:03 +00:00 (in Redmine)
Hi,
Password hiding mechanism set by the protected_customvars works for 1st level variables, but not 2nd level :
Let's say a host config has this :
vars.mysql["fooo"] = {
mysql_user = "fooo123"
mysql_password = host_mysql_fooo123
mysql_database = "fooo"
}
mysql_password is directly readable on icingaweb2.
If I declare the password this way (which is not possible in our context) :
vars.mysql_password = host_mysql_fooo123
Then the password is substitued with ***** on icingaweb2.
/etc/icingaweb2/config.ini contains :
[security]
protected_customvars = "pw,pass,community"
Versions :
icinga2 2.3.11-1
ppa1trusty1icingaweb2 2.0.0-1~ppa1
Changesets
2016-01-22 17:37:27 +00:00 by aklimov 7bc489b
2016-02-23 09:54:47 +00:00 by elippmann acd2ef7
2016-02-23 14:40:27 +00:00 by elippmann bb8478a
The text was updated successfully, but these errors were encountered: