[rt-users] Security risk! Passwords can be compromised!

Jesse Vincent jesse at bestpractical.com
Thu Feb 5 15:47:39 EST 2009




On Tue  3.Feb'09 at 22:37:59 -0500, Isaac Vetter wrote:
> > The docs for 'LogStackTrace' have been updated as follows. How do
> > folks feel about the new notice?
> >
> > If set then logging will include stack
> >  traces for messages with level equal or greater than
> > specified.
> >
> > NOTICE: Stack traces include parameters that functions or methods
> > were called with. It is possible for stack trace logging to reveal sensitive
> > information such as passwords and ticket content in your logs.
> 
> Jesse,
> 
> Since you're asking (and towards the goal of something useful coming from
> this thread). :)
> 
> I would say that, in this case, you shouldn't end a sentence with a
> preposition.
> 
> How about:
> "Stack traces include the parameters of called functions."
> or
> "Stack traces include the parameters used within methods and functions."
> or
> ...

I've just checked in this:

NOTICE: Stack traces include parameters supplied to functions or
methods. It is possible for stack trace logging to reveal sensitive
information such as passwords or ticket content in your logs.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090205/d324b71a/attachment.sig>


More information about the rt-users mailing list