New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passwords shown in log #100
Comments
Hello, I think that's due to the 52 release workaround. |
@Trim Can you provide a link to the commit or PR that caused this? |
Yes, that was introduced by commit 7ff3849 which introduces the The informations logged expose the full The fix I was writting (but currently not tested) is to construct the URL with all informations except password if the user want to hide it. |
The observer created on 'http-on-modify-request' was showing password in logs even if the user asked to not show password in logs. This patch automatically replaces password by `***` in the URIs before logging them. Fix #100
Looks like this can be closed. |
Indeed, it should be fixed with release 4.0.0-beta5. |
Despite "Show password in clear text in log file" checkbox being unchecked, authentication password is clearly visible in rows generated by observer activity.
Example:
1st-setup:2017-9-0 23:39:4.594:edc07453-c547-ba4b-911c-8a6521acfea9: ecExchangeRequest observing http-on-modify-request for URI https://USERNAME:PASSWORD@outlook.office365.com/EWS/Exchange.asmx originalURI https://USERNAME:PASSWORD@outlook.office365.com/EWS/Exchange.asmx
The text was updated successfully, but these errors were encountered: