On 08/04/2014 11:46 PM, David Zych wrote:
>> check all SQL clauses and modify the default ConnectionHook and
>> NoConnectionsHook because by default they log the DBAuth password.
>
> I've noticed that, and I really wish they didn't. Any chance of making
> this a non-default behavior you have to explicitly turn on?
I think we could simply change the hooks to log the DBAuth values as
'**obscured**' that's the placeholder value used in some other places
too. To turn it back on, the hook can be explicitly configured to log
the password too.
>> However, one idea is to support %{GlobalVar:nnn} as the only formatter
>> for these, and possibly some other, values.
>
> P.S. FWIW, I like this idea. :)
I'll see if a patch can be made for this and let the list know when this
is available. Thanks to Johannes too for his comments.
Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
