Hello Martin, 1) There is warning in the config regarding using stack traces and how it can reveal secure information. 2) This particular problem has been solved in RT 3.8.8 RC2.
2010/4/20 Martin Drasar <dra...@ics.muni.cz>: > Hi everyone, > when logging into RT having czech keyboard accidentaly set, wide > characters may be accidentally supplied to the password routine. (Czech > keyboard have letters with wedges in the same row as numbers). > This causes error shown in attached page, revealing password to > bystanders as well as needlessly showing RT path. > > I am providing a quick patch that catches the exception generated by > crypt and makes RT behave like ordinary bad password was provided. > > Martin > > -- > Mgr. Martin Drasar dra...@ics.muni.cz > Network Security Department http://ics.muni.cz/ > CSIRT-MU http://www.muni.cz/csirt > Institute of Computer Science, Masaryk University, Brno, Czech Republic > PGP Key ID: 0x944BC925 > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com > -- Best regards, Ruslan. Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
