Item11746: Warn that the EMAIL Debug log exposes passwords

I didn't realize that the "encrypted" login exchange was actually just base64 encoded and easily reversed. Yes I know, it's a change post RC, but this is important George git-svn-id: http://svn.foswiki.org/branches/Release01x01@16136 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Nov 30, 2012 · fa6f5bf · fa6f5bf
1 parent 1053bcf
commit fa6f5bf
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/core/lib/Foswiki/Configure/templates/testemailintro.tmpl b/core/lib/Foswiki/Configure/templates/testemailintro.tmpl
@@ -15,6 +15,10 @@
 		</p>
 	</div>
     <div class='foswikiNotification'>
+        <div class='foswikiAlert'>
+            <br /><strong>Caution: The test log will expose email usernames and passwords.</strong>  They are not encrypted or obfuscated, and can be recovered from this log!  Be careful if posting this log for debugging assistance!
+            Especially the lines after the <code>SMTP auth: Attempting authentication</code>.   They are <strong>not encrypted</strong>, but are reversably encoded.
+        </div>
 	    <p>
 	    	This action will temporarily enable email along with the email debugging flag and will attempt to send an email to the admin email address. Errors will be reported back to the web interface instead of to the server logs.
         </p>