← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #34296

[Bug 1567186] A change has been merged

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://reviews.mahara.org/6386
Committed: https://git.mahara.org/mahara/mahara/commit/0d45baa3467c9da6debdcebdb17634525017b931
Submitter: Robert Lyon (robertl@xxxxxxxxxxxxxxx)
Branch:    15.10_STABLE

commit 0d45baa3467c9da6debdcebdb17634525017b931
Author: Aaron Wells <aaronw@xxxxxxxxxxxxxxx>
Date:   Thu Apr 14 19:07:46 2016 +1200

Bug 1567186: More thorough checking for passwords in stacktraces

Rather than having an increasing list of specific parameters
that we know to have passwords, this patch censors the content
of any parameter with a name that contains the string "password"
or "pw".

behatnotneeded: Can't test with Behat

Change-Id: Ifaa2ec10cf749c173b1a8d0928c6cc052124a83f
(cherry picked from commit ae4523770e5047d9c9fd17c38f5cdddf86ece437)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1567186

Title:
  Passwords can accidentially end up in logs from badly made plugins

Status in Mahara:
  Fix Committed
Status in Mahara 1.10 series:
  In Progress
Status in Mahara 15.04 series:
  In Progress
Status in Mahara 15.10 series:
  Fix Committed
Status in Mahara 16.04 series:
  Fix Committed
Status in Mahara 16.10 series:
  Fix Committed

Bug description:
  We have some code that suppresses the passwords in logs for LiveUser
  and for AuthLdap

  But we need to extend it out to be more encompassing

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1567186/+subscriptions

References

  Thread PreviousDate PreviousThread Next