On Thu, Feb 5, 2009 at 3:47 PM, Jesse Vincent <[email protected]> wrote: > > > > On Tue 3.Feb'09 at 22:37:59 -0500, Isaac Vetter wrote: >> > The docs for 'LogStackTrace' have been updated as follows. How do >> > folks feel about the new notice? >> > >> > If set then logging will include stack >> > traces for messages with level equal or greater than >> > specified. >> > >> > NOTICE: Stack traces include parameters that functions or methods >> > were called with. It is possible for stack trace logging to reveal >> > sensitive >> > information such as passwords and ticket content in your logs. >> >> Jesse, >> >> Since you're asking (and towards the goal of something useful coming from >> this thread). :) >> >> I would say that, in this case, you shouldn't end a sentence with a >> preposition. >> >> How about: >> "Stack traces include the parameters of called functions." >> or >> "Stack traces include the parameters used within methods and functions." >> or >> ... > > I've just checked in this: > > NOTICE: Stack traces include parameters supplied to functions or > methods. It is possible for stack trace logging to reveal sensitive > information such as passwords or ticket content in your logs.
That sounds perfect. Once i was done testing ExternalAuth, i turned off stack traces then manually blew away those sections of the logs that contained the passwords anyway, just to keep in paranoia practice. -- /chown -R us:us /yourbase _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [email protected] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
