Mailinglist Archive: yast-devel (42 mails)
| < Previous | Next > |
Re: [yast-devel] Use URL::HidePassword() when logging an URL
- From: Stefan Hundhammer <sh@xxxxxxx>
- Date: Wed, 26 Nov 2008 11:47:53 +0100
- Message-id: <200811261147.53432.sh@xxxxxxx>
On Mittwoch, 26. November 2008, Ladislav Slezak wrote:
I don't think this can be done in the general case: Both the YCP interpreter
and the UI are logging entire statements or statement snippets. You can never
tell what part of that might contain confidential data like passwords.
Example:
UI::OpenDialog(`VBox(..., `Password( _( "Password:" ), "b1g*s3cr3t", ...);
In full debug mode, the YCP interpreter will write this to the log, and if
there is a YCP or a UI syntax error or another UI exception, the offending
statement (which might easily contain something like the above example) will
be logged.
CU
--
Stefan Hundhammer <sh@xxxxxxx> Penguin by conviction.
YaST2 Development
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Nürnberg, Germany
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx
And of course, this won't help if Y2DEBUG is enabled. We would need a new
datatype or a flag in the interpreter to fix it with Y2DEBUG enabled.
I don't think this can be done in the general case: Both the YCP interpreter
and the UI are logging entire statements or statement snippets. You can never
tell what part of that might contain confidential data like passwords.
Example:
UI::OpenDialog(`VBox(..., `Password( _( "Password:" ), "b1g*s3cr3t", ...);
In full debug mode, the YCP interpreter will write this to the log, and if
there is a YCP or a UI syntax error or another UI exception, the offending
statement (which might easily contain something like the above example) will
be logged.
CU
--
Stefan Hundhammer <sh@xxxxxxx> Penguin by conviction.
YaST2 Development
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Nürnberg, Germany
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx
| < Previous | Next > |