I want this so badly, please implement

cym13 via Digitalmars-d digitalmars-d at puremagic.com
Wed Apr 13 06:17:57 PDT 2016


On Wednesday, 13 April 2016 at 08:48:56 UTC, Kagamin wrote:
> On Tuesday, 12 April 2016 at 08:51:23 UTC, Kapps wrote:
>> Amongst other things, you'd log sensitive data like passwords, 
>> which should never be stored anywhere in plain text, including 
>> log files. This is one of the reasons to not use GET for 
>> anything sensitive.
>
> With Adam's idea sensitive data can still accidentally leak 
> into this extended diagnostic mechanism.

There's a world between exceptionally getting a user password in 
order to detect and solve a bug through an error message and 
knowingly logging every single user password, be it only on the 
legal side. In France for example you don't have the right to log 
most sensitive things. On the security side it's the same thing: 
the chances for an attacker to retrieve a password by server 
crashing are quite small, while getting his hands on the log file 
would be a goldmine.

