Univention Bugzilla – Bug 40287
App Center log shows the password of user
Last modified: 2016-02-04 14:09:56 CET
The log file appcenter.log in the directory /var/log/univention/ shows in plain text the password of the user that is installing the application, as following: 21135 actions.register 15-12-17 23:30:44 [ DEBUG]: Calling with Namespace(apps=None, do_it=None, help='==SUPPRESS==', noninteractive=False, password='PASSWORD_EXAMPLE', pwdfile=None, register_task=None, username='USERNAME_EXAMPLE') The debug level of the system I was using was set to 2. I think the log files shouldn't show the password of the user for security reasons.
Thanks for the report! Fixed in univention-appcenter 5.0.19-34.92.201512181038 - self.debug('Calling with %r' % namespace) + self.debug('Calling %s' % self.get_action_name())
Yes, the password is not logged anymore. @Dirk: There is also some logging of command arguments for docker but it seems only to contain password-files :) YAML: OK
<http://errata.software-univention.de/ucs/4.1/79.html>