ubuntu-webapps-bugs team mailing list archive
-
ubuntu-webapps-bugs team
-
Mailing list archive
-
Message #04498
[Bug 1638166] Re: trace leaks user IDs and passwords
** Branch linked: lp:~mardy/online-accounts-api/debug-1638166
--
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to online-accounts-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1638166
Title:
trace leaks user IDs and passwords
Status in online-accounts-api package in Ubuntu:
In Progress
Bug description:
When using the online accounts qt API, I see trace produced in my
tests such as this:
reply data: QMap(("AccessToken", QVariant(QString,
"access_token"))("ExpiresIn", QVariant(int, 0))("GrantedScopes",
QVariant(QStringList, ("scope1", "scope2"))))
This is undesirable because it spams stderr; please remove the trace.
Worse, it looks like the user ID and password are printed here in
plain text. For example, in the owncloud provider tests, we see this:
reply data: QMap(("Password", QVariant(QString, "pass"))("Username",
QVariant(QString, "user")))
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/online-accounts-api/+bug/1638166/+subscriptions