Issue #613 has been updated by Clément OUDOT.

Status changed from New to Rejected
Target version deleted (self-service-password-?)


----------------------------------------
Bug #613: Sensitive info (e.g. reset tokens) in log file
http://tools.lsc-project.org/issues/613

Author: Luca Carettoni
Status: Rejected
Priority: Low
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: 


SSP writes error messages to the Apache error log in case of exceptions. Best 
practices suggest avoiding sensitive information in log files.
For instance, in case of connectivity problems, the application dumps password 
reset URLs which can be used to change users' passwords.

Please find enclosed a patch that should sanitize most of the log entries. I 
haven't removed usernames from logs as they may be useful for troubleshooting.
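
One way to sanitize a message before it reaches the Apache error log, as an added example (this is not the patch enclosed with the issue and not SSP's own code). The parameter names, the helper names and the sample message are assumptions constructed for illustration; usernames are left in place, as the report suggests.

```php
<?php
// Added example: redact secrets from a message before it reaches error_log().
// The parameter names below are assumptions, not taken from the SSP source.
const SENSITIVE_PARAMS = ['token', 'password', 'newpassword'];

/**
 * Replace the value of each sensitive query-string parameter with a marker.
 * Matches "name=value" after '?' or '&' (also the HTML-escaped "&amp;").
 * Everything else, including usernames, is left untouched.
 */
function redact_for_log(string $message): string
{
    $names = implode('|', array_map(
        fn($n) => preg_quote($n, '/'),
        SENSITIVE_PARAMS
    ));
    // Group 1 keeps the separator and parameter name; the value is dropped.
    $pattern = '/((?:[?&]|&amp;)(?:' . $names . ')=)[^&\s"\'<>]+/i';
    $clean = preg_replace($pattern, '${1}[REDACTED]', $message);

    // preg_replace() returns null on failure: fail closed rather than
    // falling back to the unredacted message.
    return $clean ?? '[log message withheld: redaction failed]';
}

/** Hypothetical wrapper to call instead of error_log() directly. */
function log_error_safely(string $message): void
{
    // Strip CR/LF so a crafted value cannot forge extra log lines.
    $oneLine = str_replace(["\r", "\n"], ' ', redact_for_log($message));
    error_log($oneLine);
}

// Constructed sample: a delivery failure whose message embeds a reset URL.
$sample = 'Error while sending token to jdoe: '
        . 'https://ssp.example.org/?action=resetbytoken&token=3f9c1a7e55d04b2c';

echo redact_for_log($sample), PHP_EOL;
```

Redacting at the single point where messages are written covers exception paths that build the message elsewhere, which is where the report says the reset URLs leak.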


ltb-dev mailing list
http://lists.ltb-project.org/listinfo/ltb-dev
