Subject: Re: SASL for fun and profit
From: Wietse Venema (wietseporcupine.org)
Date: Tue May 16 2000 - 17:38:25 CDT


Ari Gordon-Schlosberg:
> [Wietse Venema <wietseporcupine.org>]
> > > (5) When using verbose logging (f.i. with $debug_peer_list) the password
> > > is written to the logs in clear text. Not a huge security issue,
> > > but still.
> >
> > That can't change. The verbose log is for debugging. Having
> > to run gdb on the running process is too intrusive.
>
> Perhaps there should be a warning about this in the SASL documentation.

Oh, come on. Warning, hot water is hot. No-one is supposed to use
verbose logging unless absolutely necessary.

        Wietse