Connecting to bincimap 1.1.8 with mutt with no SSL I get this in my log:
Client con[11639]: Client connected to Binc IMAP from ?
allow-plain[11640]: User <bk> entered authenticated mode.
allow-plain[11640]: Shutting down - bodies:17 statements:8
PASSWORD[11639]: Error, shutting down: readChar EOF
PASSWORD[11639]: Input warning, shutting down: in Broker::parse, in expectTag, in
expectTagChar, readChar EOF
PASSWORD[11639]: Shutting down - read:301 wrote:8295
Of course instead of PASSWORD my actually password is logged.
FWIW With SSL enabled I get the following when I connect with mutt:
true[11675]: Client connected to Binc IMAP from ?
allow-plain[11676]: User <bk> entered authenticated mode.
allow-plain[11676]: Shutting down - bodies:17 statements:8
true[11675]: Error, shutting down: SSL error: client disconnected
true[11675]: Input warning, shutting down: in Broker::parse, in expectTag, in
expectTagChar, SSL error: client disconnected
true[11675]: Shutting down - read:301 wrote:8276
I really don't like the idea of my password being all over my logs. How
can I fix this?
Similarly, is there any easy patch I can apply so all bincimap logs
are prepended with "bincimap[pid]" instead of "Client con[pid]",
"allow-plain[pid]", "true[pid]", etc.?
I tried looking through the source but my C++ knowledge is extremely
limited. I was not able to figure out how my password (or "Client con",
"allow-plain", "true", etc) were being logged at all. Those strings
are in the source but they never are logged!
confused,
brian
