[ZCM] [ZC] 1863/ 1 Request "PAS session password exposed in
errorlog"
Collector: Zope Bugs, Features,
and Patches ...
zope-coders-admin at zope.org
Thu Aug 11 15:24:20 EDT 2005
Issue #1863 Update (Request) "PAS session password exposed in errorlog"
Status Pending, Zope/bug medium
To followup, visit:
http://www.zope.org/Collectors/Zope/1863
==============================================================
= Request - Entry #1 by wlang on Aug 11, 2005 3:24 pm
Uploaded: "passwordInSession.diff"
- http://www.zope.org/Collectors/Zope/1863/passwordInSession.diff/view
We use PAS Session Authentication Plugin, which stores
username and password in SESSION (__ac_name, __ac_password).
This means, that the password is exposed in the SiteErrorlog.
The attached patch uses the same filter, which is used
for the Request object, to hide passwords.
It is tested with Zope-2.7.2, but should work also for
Zope-2.7.7.
==============================================================
More information about the Zope-Collector-Monitor
mailing list