[rt-users] Security risk! Passwords can be compromised!
Jesse Vincent
jesse at bestpractical.com
Tue Feb 3 18:06:46 EST 2009
On Tue 3.Feb'09 at 4:53:16 -0600, Dave Sherohman wrote:
> On Mon, Feb 02, 2009 at 06:16:38PM -0500, Jesse Vincent wrote:
> > Thankfully, at first glance, it looks like the issue you've run into
> > isn't particularly dangerous. RT ships with stack trace logging
> > disabled and _generally_ the folks who have access to application logs
> > are also the folks who manage the application.
The docs for 'LogStackTrace' have been updated as follows. How do
folks feel about the new notice?

    If set to a log level then logging will include stack
    traces for messages with level equal to or greater than
    specified.

    NOTICE: Stack traces include parameters that functions or methods
    were called with. It is possible for stack trace logging to reveal
    sensitive information such as passwords or ticket content in your
    logs.
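The behaviour the notice describes, as an added example that is not part of the original message and is not RT's code: a trace in the format of Perl's core Carp module records each frame's call arguments, so a password passed as a parameter lands in the trace, and a scrubber can redact argument lists before the trace is written. The function names and credentials are hypothetical, constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp ();

# Hypothetical application code; the credentials used below are constructed.
sub check_password {
    my ($user, $password) = @_;
    # confess() dies with a full stack trace, the same kind of output a
    # stack-trace logger records: each frame lists its call arguments.
    Carp::confess("authentication failed for $user");
}

sub login {
    my (%args) = @_;
    return check_password($args{user}, $args{pass});
}

# Replace the argument list of every frame with a placeholder.
# Sub names, files and line numbers survive; argument values do not.
# Assumes Carp's one-frame-per-line "Pkg::sub(args) called at FILE line N".
sub scrub_trace {
    my ($trace) = @_;
    $trace =~ s/^(\s*[\w:]+)\(.*\)( called at .+ line \d+)$/$1(...)$2/mg;
    return $trace;
}

my $ok = eval { login(user => 'alice', pass => 'constructed-secret'); 1 };
my $trace = $ok ? '' : "$@";

print "--- raw trace (what would reach the log) ---\n$trace\n";
print "--- scrubbed trace ---\n", scrub_trace($trace), "\n";

# The raw trace carries the password in both frames; the scrubbed one must not.
die "raw trace unexpectedly lacks the argument\n"
    unless $trace =~ /constructed-secret/;
die "scrubbing failed\n"
    if scrub_trace($trace) =~ /constructed-secret/;
```

Scrubbing is a fallback for logs that must keep traces; leaving stack trace logging disabled, as RT ships, avoids writing the arguments in the first place.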