On 08/04/2014 08:10 AM, Heikki Vatiainen wrote: > On 07/30/2014 07:02 PM, Johannes Demel wrote: >> I would like to hide all passwords and simular items from the radiator >> configuration file.
My current approach is to put each secret bit of information into a one-line file like: Secret correcthorsebatterystaple or DBAuth qwertyuiop and then have the main config files do e.g.: include %D/private/vpn.secret as needed. Admittedly it's not as flexible as your proposed approach, since they do still have to be plain-text files (whereas a GlobalVar can be populated by any means you like), but it does successfully keep my main config files secret-free. > check all SQL clauses and modify the default ConnectionHook and > NoConnectionsHook because by default they log the DBAuth password. I've noticed that, and I really wish they didn't. Any chance of making this a non-default behavior you have to explicitly turn on? Thanks, David > There are quite likely a lot of secrets etc., that already have % in > them and the change would break them all. > > However, one idea is to support %{GlobalVar:nnn} as the only formatter > for these, and possibly some other, values. P.S. FWIW, I like this idea. :) _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator