2010/5/10 Andre Zepezauer <andre.zepeza...@student.uni-halle.de>: > There is another issue with the output of debug messages. It is that the > users pin will be log by default. This can only be disabled at > compilation time. I assume that there will be always some systems where > debug is enabled. This is not a recommended practise, but could be > happen accidentally of course. > > In my opinion, logging the users pin brings no real benefits, but can > cause serious harm to some operators. Therefore I would recommend to > drop this feature. Corresponding patch is attached.
Fixed in revision 449. Instead of removing the log feature I now use: #ifdef DEBUG_SHOW_PASSWORD instead of: #ifndef DEBUG_HIDE_PASSWORD So by default no PIN is logged. But the code to log it if needed is still present (but not active) > The second patch improves error handling and removes the attempt to > clear a string of length zero. Which is in all cases a nop. Some changes fixed in revisions 450 and 451. Why do you check for pin == NULL? Is NULL a valid return value for getpass()? Not from my manpage. So patch rejected for now. Bye -- Dr. Ludovic Rousseau _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
