Akash wrote: > Well, the point is that it is wrong for anyone (even the admin) to know the > passwords of any user "in the clear" just by looking at the log files. > (How someone can obtain the passwords is a different matter.)
I disagree. On rare occasions, characters *within* a password can cause problems - especially in systems where there are proxies or other handlers such as FastCGI or mod_perl2 which can exert their own translations to the data they handle. It's always useful, in that event, to be able to switch the debug level up and see what data the application is processing. I've seen several system problems in the past caused by poor, limited or non-existent escaping of characters in passwords which get translated into something else by the processing system. Think UTF-8 to other charset conversions, for example. It shouldn't be the normal mode of operation, but a high level of debug info is always a useful tool to have. Graeme -- Graeme Fowler Team Manager, Internet Services and Software Solutions, IT Services Loughborough University, UK T: +44 1509 226014 E: g.e.fow...@lboro.ac.uk _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com