Defect #28
closedLDAP password are exposed in clear in the logs
0%
Description
debugging information display LDAP password in clear in the developement.log and production.log files.
...cut
Processing AccountController#login (for 10.15.28.114 at 2007-03-28 18:45:37) [POST]
Session ID: 24b78e320a2de5d25615574f8a31e3b2
Parameters: {"action"=>"login", "controller"=>"account",
"login"=>"user11", "password"=>"secretpasswrd"}
User Load (0.002259) SELECT * FROM users WHERE (login='user11') LIMIT 1
AuthSource Load (0.002554) SELECT * FROM auth_sources WHERE (onthefly_register=1)
AuthSource Columns (0.001881) SHOW FIELDS FROM auth_sources
AuthSourceLdap Columns (0.002013) SHOW FIELDS FROM auth_sources
Authenticating 'user11' against 'Company'
DN found for user11: uid=user11,ou=People,o=Company.com
Authentication successful for 'user11'
...cut