On Wednesday, 13 April 2016 at 14:47:42 UTC, Kagamin wrote:
On Wednesday, 13 April 2016 at 13:17:57 UTC, cym13 wrote:
There's a world between exceptionnaly getting a user password
in order to detect and solve a bug through an error message
and knowingly logging every single user password, be it only
on the legal side.
The latter shouldn't be needed. When you log everything, you
just write garbage logs, that are impractical to process.
Logging everything is illegal in many countries (for good
reasons) and when I see how easy it is to make sense of a huge
bunch of TCP packets, reverse a binary or even a file format I
sincerely think you are either trollish, naive or misguided when
it comes to logs.
Then again it has little to do with the problem in the first
place: getting better error messages is easy to achieve and would
be a clear gain.
