Tres Seaver wrote:
> Hanno Schlichting wrote:
>> Removed _filterPasswordFields hack, preventing keys with the exact
>> key 'passw' to be filtered out in one place is just obscurity.
> But you didn't de-obfuscate it, you ripped it out.  Now, the response
> view shows credentials, which is a security hole.

Unless I've misunderstood the code this particular "feature" only worked
for input fields whose name contained "passw" in some form. It didn't
check on input type being password.

As soon as the name is "auth" or anything else the check would fail. It
also only did this filtering in the __str__ representation of the
request, not the text method or any of the other methods to access the
data. I call that security through obscurity.

Dealing with password input type fields is something for a form library
but not a request object in my book.
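A constructed illustration of the gap described above, added here and not code from the repoze project: the two request classes are hypothetical stand-ins for the real request object, one mimicking the name-substring filter that only lived in __str__, the other applying one explicit redaction to every rendering.

```python
import re

# The old hack matched on the field *name* only, never on input type
SENSITIVE_NAME_PATTERN = re.compile(r"passw", re.IGNORECASE)


class NameFilteredRequest:
    """Hypothetical stand-in reproducing the behaviour the thread describes."""

    def __init__(self, fields):
        self.fields = dict(fields)

    def __str__(self):
        # Only this representation hides anything, and only by name substring
        return "\n".join(
            f"{k}={'<hidden>' if SENSITIVE_NAME_PATTERN.search(k) else v}"
            for k, v in sorted(self.fields.items()))

    def text(self):
        # The alternate accessor was never filtered at all
        return "\n".join(f"{k}={v}" for k, v in sorted(self.fields.items()))


class RedactedView:
    """Hypothetical hardened stand-in: one explicit deny-list of sensitive
    keys, applied before any rendering so every accessor agrees."""

    SENSITIVE_KEYS = frozenset({"password", "auth", "token"})

    def __init__(self, fields, sensitive_keys=None):
        self.fields = dict(fields)
        self.sensitive = frozenset(sensitive_keys or self.SENSITIVE_KEYS)

    def redacted(self):
        return {k: ("<hidden>" if k.lower() in self.sensitive else v)
                for k, v in self.fields.items()}

    def __str__(self):
        return "\n".join(f"{k}={v}" for k, v in sorted(self.redacted().items()))

    text = __str__  # every accessor renders the same redacted data


def leaks(rendered, secrets):
    """Return the secret values that appear verbatim in a rendering."""
    return [s for s in secrets if s in rendered]


# Constructed sample form post; "auth" carries a credential but no "passw" in its name
SAMPLE = {"login": "alice", "password": "s3cr3t", "auth": "tok-123"}
SECRETS = ("s3cr3t", "tok-123")
```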


Repoze-dev mailing list