Univention Bugzilla – Bug 40287
App Center log shows the password of user
Last modified: 2016-02-04 14:09:56 CET
The log file appcenter.log in the directory /var/log/univention/ shows in plain text the password of the user that is installing the application, as follows:
21135 actions.register 15-12-17 23:30:44 [ DEBUG]: Calling with Namespace(apps=None, do_it=None, help='==SUPPRESS==', noninteractive=False, password='PASSWORD_EXAMPLE', pwdfile=None, register_task=None, username='USERNAME_EXAMPLE')
The debug level of the system I was using was set to 2.
I think the log files shouldn't show the password of the user for security reasons.
Thanks for the report!
- self.debug('Calling with %r' % namespace)
+ self.debug('Calling %s' % self.get_action_name())
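Review bot: the `+` line drops every argument from the debug message, not only `password`, so fields such as `username`, `apps` and `noninteractive` are no longer available when diagnosing a failed call. Consider logging a copy of the namespace with `password` masked instead of only the action name. The change also only affects new entries: lines already written to appcenter.log still contain the password in plain text, so the existing file needs to be rotated or scrubbed.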
Yes, the password is not logged anymore.
@Dirk: There is also some logging of command arguments for docker but it seems only to contain password-files :)
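An added example, not part of the bug thread and not Univention's code: one way to keep the argument dump in the debug log while masking secrets, plus a scan of existing log lines for values that were already written. The names `SENSITIVE_KEYS`, `redacted_repr` and `find_leaks` are hypothetical, and the second sample line is constructed.

```python
import argparse
import re

# Assumed set of argument names to treat as secret; extend for your own CLI.
SENSITIVE_KEYS = {"password", "passwd", "secret", "token"}
MASK = "***"


def redacted_repr(namespace):
    """Return a Namespace-style repr with sensitive values masked.

    None is left visible so the log still shows whether a secret was supplied.
    """
    parts = []
    for key, value in sorted(vars(namespace).items()):
        if key.lower() in SENSITIVE_KEYS and value is not None:
            value = MASK
        parts.append("%s=%r" % (key, value))
    return "Namespace(%s)" % ", ".join(parts)


# Matches key='...' or key="..." as produced by repr(), including escaped quotes.
LEAK_RE = re.compile(
    r"""\b(password|passwd|secret|token)=(['"])((?:\\.|(?!\2).)+)\2""")


def find_leaks(lines):
    """Yield (line_number, key) for lines holding an unmasked secret.

    The secret itself is never returned, so the scan output is safe to share.
    """
    for number, line in enumerate(lines, 1):
        for match in LEAK_RE.finditer(line):
            if match.group(3) != MASK:
                yield number, match.group(1)


# First line is the entry quoted in the report; second line is constructed.
SAMPLE_LOG = [
    "21135 actions.register 15-12-17 23:30:44 [ DEBUG]: Calling with Namespace(apps=None, do_it=None, help='==SUPPRESS==', noninteractive=False, password='PASSWORD_EXAMPLE', pwdfile=None, register_task=None, username='USERNAME_EXAMPLE')",
    "21135 actions.register 15-12-17 23:30:45 [ DEBUG]: Calling register",
]

if __name__ == "__main__":
    ns = argparse.Namespace(apps=None, password="PASSWORD_EXAMPLE",
                            pwdfile=None, username="USERNAME_EXAMPLE")
    print(redacted_repr(ns))
    print(list(find_leaks(SAMPLE_LOG)))
```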