ubuntu-webapps-bugs team mailing list archive

Thread
Date

[Bug 1638166] Re: trace leaks user IDs and passwords

To: ubuntu-webapps-bugs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1638166@xxxxxxxxxxxxxxxxxx>
Date: Sun, 06 Nov 2016 00:47:04 -0000
Reply-to: Bug 1638166 <1638166@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package online-accounts-api -
0.1+17.04.20161101-0ubuntu1

---------------
online-accounts-api (0.1+17.04.20161101-0ubuntu1) zesty; urgency=medium

  * Disable debug output by default (LP: #1638166)

 -- Alberto Mardegan <mardy@xxxxxxxxxxxxxxxxxxxxx>  Tue, 01 Nov 2016
11:09:36 +0000

** Changed in: online-accounts-api (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to online-accounts-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1638166

Title:
  trace leaks user IDs and passwords

Status in webapps-sprint:
  In Progress
Status in online-accounts-api package in Ubuntu:
  Fix Released

Bug description:
  When using the online accounts qt API, I see trace produced in my
  tests such as this:

  reply data: QMap(("AccessToken", QVariant(QString,
  "access_token"))("ExpiresIn", QVariant(int, 0))("GrantedScopes",
  QVariant(QStringList, ("scope1", "scope2"))))

  This is undesirable because it spams stderr; please remove the trace.

  Worse, it  looks like the user ID and password are printed here in
  plain text. For example, in the owncloud provider tests, we see this:

  reply data: QMap(("Password", QVariant(QString, "pass"))("Username",
  QVariant(QString, "user")))

To manage notifications about this bug go to:
https://bugs.launchpad.net/webapps-sprint/+bug/1638166/+subscriptions