Actions
Bug #9159
closedPassword stored in plain text in debug.log
Start date:
06/25/2021
Due date:
% Done:
100%
Estimated time:
Chirp Version:
daily
Model affected:
(All models)
Platform:
All
I read the instructions above:
Description
I just attempted to download frequencies from RFinder. The attempt failed. In investigating, I discovered my password stored in plain text in the debug.log file.
Updated by Rudolph Gutzerhagen over 3 years ago
Hey Joe,
do the log entries look like they were created by this code in rfinder.py ?
@def fetch_data(self, user, pw, coords, radius):
"""Fetches the data for a set of parameters"""
LOG.debug(user)
LOG.debug(pw)@
Updated by Joseph Pizzi over 3 years ago
Most definitely. In fact (should have included this), the entries are:
[date/time] chirp.drivers.rfinder - DEBUG:
[date/time] chirp.drivers.rfinder - DEBUG:
Updated by Kosta A. over 3 years ago
- Status changed from New to Resolved
- Assignee set to Kosta A.
- % Done changed from 0 to 100
- Platform changed from Windows to All
Commit pending to mail list to remove clear text logging of password.
Updated by Rudolph Gutzerhagen over 3 years ago
in the mod I was preparing, I would have left some trace of information in the log:
@
- LOG.debug("user id: {userid}".format(userid=user))
- LOG.debug("password: a password of lenght {pwlen} was used"
- .format(pwlen=len(pw)))@
Updated by Kosta A. over 3 years ago
- Status changed from Resolved to Closed
Applied in changeset commit:5e0cd9dc53b6.
Actions