** Changed in: mahara/15.04
Status: Fix Committed => Fix Released
** Changed in: mahara/15.10
Status: Fix Committed => Fix Released
** Changed in: mahara/16.04
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1570221
Title:
Don't print parameter values in logs, in productionmode
Status in Mahara:
Fix Committed
Status in Mahara 15.04 series:
Fix Released
Status in Mahara 15.10 series:
Fix Released
Status in Mahara 16.04 series:
Fix Released
Status in Mahara 16.10 series:
Fix Committed
Bug description:
Following on from Bug 1567186, even scrubbing out parameters that we
know to be passwords, is not a fool-proof way to keep passwords and
sensitive data out of the logs. Params might be misnamed, or sensitive
data might be passed through general-purpose functions.
The only surefire way to prevent secure data from being printed to the
logs, is to avoid printing parameter values in stacktraces at all.
However, parameter values are useful for debugging, so I think we
should show them productionmode=false, and hide them when
productionmode=true.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1570221/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
