Project

General

Profile

Actions

Defect #28

closed

LDAP password are exposed in clear in the logs

Added by Yacin Bahi over 17 years ago. Updated over 17 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

debugging information display LDAP password in clear in the developement.log and production.log files.

...cut
Processing AccountController#login (for 10.15.28.114 at 2007-03-28 18:45:37) [POST]
Session ID: 24b78e320a2de5d25615574f8a31e3b2
Parameters: {"action"=>"login", "controller"=>"account",
"login"=>"user11", "password"=>"secretpasswrd"}
User Load (0.002259) SELECT * FROM users WHERE (login='user11') LIMIT 1
AuthSource Load (0.002554) SELECT * FROM auth_sources WHERE (onthefly_register=1)
AuthSource Columns (0.001881) SHOW FIELDS FROM auth_sources
AuthSourceLdap Columns (0.002013) SHOW FIELDS FROM auth_sources
Authenticating 'user11' against 'Company'
DN found for user11: uid=user11,ou=People,o=Company.com
Authentication successful for 'user11'
...cut

Actions

Also available in: Atom PDF