ubuntu-webapps-bugs team mailing list archive
-
ubuntu-webapps-bugs team
-
Mailing list archive
-
Message #04530
[Bug 1638166] Re: trace leaks user IDs and passwords
** Changed in: webapps-sprint
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to online-accounts-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1638166
Title:
trace leaks user IDs and passwords
Status in webapps-sprint:
Fix Released
Status in online-accounts-api package in Ubuntu:
Fix Released
Bug description:
When using the online accounts qt API, I see trace produced in my
tests such as this:
reply data: QMap(("AccessToken", QVariant(QString,
"access_token"))("ExpiresIn", QVariant(int, 0))("GrantedScopes",
QVariant(QStringList, ("scope1", "scope2"))))
This is undesirable because it spams stderr; please remove the trace.
Worse, it looks like the user ID and password are printed here in
plain text. For example, in the owncloud provider tests, we see this:
reply data: QMap(("Password", QVariant(QString, "pass"))("Username",
QVariant(QString, "user")))
To manage notifications about this bug go to:
https://bugs.launchpad.net/webapps-sprint/+bug/1638166/+subscriptions