Exception includes user login and password as plaintext #91

@burninghelix123

User password and login are included in exceptions as plain text if the shotgun_api encounters an "internal error". This seems to be used in several different functions in shotgun.py. This is obviously a huge issue when storing exceptions for debugging or when using the API in programs that automatically log to an external file. An example use of it is on lines 1367-1382:

        params.update(self._auth_params())

        except urllib2.HTTPError, e:
            if e.code == 500:
                raise ShotgunError("Server encountered an internal error. "
                    "\n%s\n(%s)\n%s\n\n" % (url, params, e))

Is there something I'm missing here or something I'm doing wrong?
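
One way to keep credentials out of the error text reported above, as an added example that is not part of the original issue or the project's own code. The key names in `SENSITIVE_KEYS`, the `ApiError` class and `build_internal_error` are assumptions made for illustration, and the sample parameters are constructed; it also handles nested payloads, which goes beyond the flat `params` dict shown in the snippet.

```python
# Assumed names of the credential-bearing keys; adjust to what
# _auth_params() actually returns in the library version in use.
SENSITIVE_KEYS = frozenset(
    {"user_login", "user_password", "script_key", "session_token"}
)
REDACTED = "********"


def redact(value, sensitive=SENSITIVE_KEYS):
    """Return a copy of value with sensitive dict entries masked at any depth.

    The input is never modified, so the real request can still be sent
    with the original params while only the copy is formatted into text.
    """
    if isinstance(value, dict):
        return {
            key: REDACTED if str(key).lower() in sensitive
            else redact(item, sensitive)
            for key, item in value.items()
        }
    if isinstance(value, list):
        return [redact(item, sensitive) for item in value]
    if isinstance(value, tuple):
        return tuple(redact(item, sensitive) for item in value)
    return value


class ApiError(Exception):
    """Hypothetical stand-in for the library's ShotgunError."""


def build_internal_error(url, params, cause):
    """Build the HTTP 500 exception with the same layout as the snippet
    in the issue, but formatting a redacted copy of params."""
    return ApiError(
        "Server encountered an internal error. "
        "\n%s\n(%s)\n%s\n\n" % (url, redact(params), cause)
    )


# Constructed sample input: auth values nested inside the request payload.
SAMPLE_PARAMS = {
    "method_name": "read",
    "params": [
        {"user_login": "alice", "user_password": "hunter2"},
        {"type": "Shot"},
    ],
}
```

Redacting where the message is built, rather than in a log filter, also covers callers that store or re-raise the exception without logging it.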