On Wed, 4 Dec 2002 04:22, Peter M. Goldstein wrote: > Darrell, > > Uh, this is not a particularly good idea. > > It would introduce regressions - most notably reintroducing the security > holes where passwords were recorded in log files. Currently the logging > infrastructures for each protocol server are designed to record in the > log all command/replies with the exception of password data and message > content.
Hmmm. You're right, although I wasn't thinking of making it part of standard logging, but a specific debugging tool. Then again, having protocol logging as part of the built-in functionality will help immensely when we need to resolve bug reports for particular clients. > Implementing the same logging method as the other protocol services on > IMAP is relatively trivial. It won't be quite the same. The other protocols work by reading one line at a time and passing this to a command-specific method, where it is parsed, optionally logged, etc. IMAP uses a parser-style approach, where the line is never read in it's entirety. This is important, because IMAP commands often can span multiple lines (eg when "literal" strings are used). Rather than log the raw command, I think I'll construct a log message consisting of the command name and parsed parameter values. -- ciao, Daz -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
