tag 341300 + pending patch
thanks
On Wed, Nov 30, 2005 at 09:49:21AM +1100, Richard Jones wrote:
> Definately take it out. In some sense it doesn't matter if its 600,
> as if you can read that file then you are likely to be able to modify
> the executables and capture the password anyway but the purists will
> not buy that argument :-)
Right you are :)
I'll upload 0.6-2 soon (after I get confirmation that #341301 is not
an actual problem), with the following patch applied:
--- gmailfs-0.6/gmailfs.py 2005-11-29 14:54:52.000000000 -0800
+++ /tmp/dpep.qsAPbU/gmailfs-0.6/gmailfs.py 2005-11-29 15:00:19.000000000
-0800
@@ -544,7 +544,10 @@
log.info("Mountpoint: %s" % self.mountpoint)
log.info("Unnamed mount options: %s" % self.optlist)
- log.info("Named mount options: %s" % self.optdict)
+ # obfuscate sensitive fields before logging
+ loggableOptdict = self.optdict.copy()
+ loggableOptdict['password'] = '*' * 8
+ log.info("Named mount options: %s" % loggableOptdict)
# do stuff to set up your filesystem here, if you want
Cheers,
--Seb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
