在Windows Azure管理門戶的「操作日誌」中我看到了操作「AddCertificates」。在詳細信息中,我可以以純文本形式查看base64格式的pfx證書和密碼。在Azure操作日誌中關閉日誌記錄pfx密碼
我認爲在日誌中存儲證書和密碼是不正確的。
如何禁用此功能?
UPD:記錄從操作日誌
<SubscriptionOperation xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<OperationId>7b52fbab-3cfe-40b4-9910-02d26d575503</OperationId>
<OperationObjectId>/094cc12d-f8f7-4f5f-804a-57b16bc87f1b/services/hostedservices/MyServiceName</OperationObjectId>
<OperationName>AddCertificates</OperationName>
<OperationParameters xmlns:d2p1="http://schemas.datacontract.org/2004/07/Microsoft.WindowsAzure.ServiceManagement">
<OperationParameter>
<d2p1:Name>subscriptionID</d2p1:Name>
<d2p1:Value>094cc12d-f8f7-4f5f-804a-57b16bc87f1b</d2p1:Value>
</OperationParameter>
<OperationParameter>
<d2p1:Name>serviceName</d2p1:Name>
<d2p1:Value>MyServiceName</d2p1:Value>
</OperationParameter>
<OperationParameter>
<d2p1:Name>input</d2p1:Name>
<d2p1:Value><?xml version="1.0" encoding="utf-16"?><CertificateFile xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/windowsazure">
<Data>**BASE64CertificateData**</Data>
<CertificateFormat>pfx</CertificateFormat>
<Password>**PLAIN_PASSWORD**</Password></CertificateFile></d2p1:Value>
</OperationParameter>
</OperationParameters>
<OperationCaller>
<UsedServiceManagementApi>true</UsedServiceManagementApi>
<SubscriptionCertificateThumbprint>THUMBPRINT</SubscriptionCertificateThumbprint>
<ClientIP>95.221.82.19</ClientIP>
</OperationCaller>
<OperationStatus>
<ID>7b52fbab-3cfe-40b4-9910-02d26d575503</ID>
<Status>Succeeded</Status>
<HttpStatusCode>200</HttpStatusCode>
</OperationStatus>
<OperationStartedTime>2013-03-16T04:45:41Z</OperationStartedTime>
<OperationCompletedTime>2013-03-16T04:45:44Z</OperationCompletedTime>
</SubscriptionOperation>
我剛剛嘗試從Windows Azure Powershell添加證書,它也以純文本形式在調試模式下顯示密碼。但是它是客戶端和部署證書的人已經知道密碼。 在操作日誌中,有能力查看每個有權訪問管理門戶的人的密碼。 – 2013-03-16 04:52:42