Issue #613 has been reported by Luca Carettoni. ---------------------------------------- Bug #613: Sensitive info (e.g. reset tokens) in log file http://tools.lsc-project.org/issues/613
Author: Luca Carettoni Status: New Priority: Low Assigned to: Clément OUDOT Category: Self Service Password Target version: self-service-password-? SSP writes error messages in Apache error log, in case of exceptions. Best practices suggest to avoid sensitive information in log files. For instance, in case of connectivity problems, the application dumps password reset URLs which can be used to change users passwords. Please find enclosed a patch that should sanitize most of the log entries. I haven't removed usernames from logs as they may be useful for troubleshooting. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
