** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1009262
Title: User passwords logged when LDAP misconfigured Status in Mahara ePortfolio: Fix Committed Status in Mahara 1.7 series: Fix Released Status in Mahara 1.8 series: Fix Released Status in Mahara 1.9 series: Fix Released Bug description: When LDAP is misconfigured, for example pointing to a non-existent LDAP server, the stack trace in the webserver log reports the users password (redacted log snippet to be attached). It is not a major bug, in that the information is only available to the server administrator under normal circumstances (unless log files are not locked down, which does happen sometimes), but it's still bad form and should be avoided if possible. Mahara 1.6.0dev 2012051500 (according to lib/version.php). Running on Ubuntu 10.04 and Apache2. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1009262/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
