ubuntu-webapps-bugs team mailing list archive
-
ubuntu-webapps-bugs team
-
Mailing list archive
-
Message #04524
[Bug 1638166] Re: trace leaks user IDs and passwords
This bug was fixed in the package online-accounts-api -
0.1+17.04.20161101-0ubuntu1
---------------
online-accounts-api (0.1+17.04.20161101-0ubuntu1) zesty; urgency=medium
* Disable debug output by default (LP: #1638166)
-- Alberto Mardegan <mardy@xxxxxxxxxxxxxxxxxxxxx> Tue, 01 Nov 2016
11:09:36 +0000
** Changed in: online-accounts-api (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to online-accounts-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1638166
Title:
trace leaks user IDs and passwords
Status in webapps-sprint:
In Progress
Status in online-accounts-api package in Ubuntu:
Fix Released
Bug description:
When using the online accounts qt API, I see trace produced in my
tests such as this:
reply data: QMap(("AccessToken", QVariant(QString,
"access_token"))("ExpiresIn", QVariant(int, 0))("GrantedScopes",
QVariant(QStringList, ("scope1", "scope2"))))
This is undesirable because it spams stderr; please remove the trace.
Worse, it looks like the user ID and password are printed here in
plain text. For example, in the owncloud provider tests, we see this:
reply data: QMap(("Password", QVariant(QString, "pass"))("Username",
QVariant(QString, "user")))
To manage notifications about this bug go to:
https://bugs.launchpad.net/webapps-sprint/+bug/1638166/+subscriptions