Passwords shown in log #100
Comments
|
Hello, I think that's due to the 52 release workaround. |
|
@Trim Can you provide a link to the commit or PR that caused this? |
|
Yes, that was introduced by commit 7ff3849 which introduces the The informations logged expose the full The fix I was writting (but currently not tested) is to construct the URL with all informations except password if the user want to hide it. |
advancingu
pushed a commit
that referenced
this issue
Nov 11, 2017
The observer created on 'http-on-modify-request' was showing password in logs even if the user asked to not show password in logs. This patch automatically replaces password by `***` in the URIs before logging them. Fix #100
|
Looks like this can be closed. |
|
Indeed, it should be fixed with release 4.0.0-beta5. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Despite "Show password in clear text in log file" checkbox being unchecked, authentication password is clearly visible in rows generated by observer activity.
Example:
1st-setup:2017-9-0 23:39:4.594:edc07453-c547-ba4b-911c-8a6521acfea9: ecExchangeRequest observing http-on-modify-request for URI https://USERNAME:PASSWORD@outlook.office365.com/EWS/Exchange.asmx originalURI https://USERNAME:PASSWORD@outlook.office365.com/EWS/Exchange.asmxThe text was updated successfully, but these errors were encountered: