Is it OK to display the password in the logs?

  • Post date

FireFly Media Server Firefly Media Server Forums Firefly Media Server General Discussion Is it OK to display the password in the logs?

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • 28/05/2009 at 11:16 PM #2905
    Anonymous
    Inactive

    Hello, since I was having problems with mt-daapd svn-1696 I decided to ask it to log everything, log level 9 (the most detailed).

    OS: Kubuntu 8.04
    Architecture: i686

    Searching through the logs to get to the relevant parts, I stumbled across the lines that showed the login details encrypted and then in real text!

    Surely, I understand what the purpose of debugging is, but still!

    2009-05-29 01:51:55 (b741cb90): Preparing to decode YWRtaW46bXQtZGFhcGQ=
    
2009-05-29 01:51:55 (b741cb90): Decoded admin:mt-daapd
    
2009-05-29 01:51:55 (b741cb90): Decoded user=admin, pw=mt-daapd
    
2009-05-29 01:51:55 (b741cb90): in main_auth
    
2009-05-29 01:51:55 (b741cb90): Checking url /config.html
    
2009-05-29 01:51:55 (b741cb90): Checking url /config.html
    
2009-05-29 01:51:55 (b741cb90): Dispatching auth for /config.html to config auth
    
2009-05-29 01:51:55 (b741cb90): Added *HTTP_USER=admin*
    
2009-05-29 01:51:55 (b741cb90): Added *HTTP_PASSWD=mt-daapd*
    29/05/2009 at 7:14 AM #18547
    EVILRipper
    Participant

    True, you have a point. However, the person that has access to the log probably also has access to the .conf file. Which also contains the password in text.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • The forum ‘General Discussion’ is closed to new topics and replies.