setharnold
commented
3 years ago https://github.com/ClusterLabs/fence-agents/blob/542fb6d95faba1eaeb7c3c980510fb7b2c3ace52/agents/skalar/fence_skalar.py#L213 also appears to be willing to log passwords.
Open setharnold opened 3 years ago
setharnold
commented
3 years ago https://github.com/ClusterLabs/fence-agents/blob/542fb6d95faba1eaeb7c3c980510fb7b2c3ace52/agents/skalar/fence_skalar.py#L213 also appears to be willing to log passwords.
oalbrigt
commented
3 years ago In fence_eps it's only when verbose logging is enabled (and also it's base64 encoded, so not in clear text either). fence_skalar also only does it with --verbose.
https://github.com/ClusterLabs/fence-agents/blob/542fb6d95faba1eaeb7c3c980510fb7b2c3ace52/agents/eps/fence_eps.py#L41
Hello, this appears to log passwords when run with debug logging enabled. Quite often even debug logs don't include authentication credentials, so that administrators can be more confident in sharing logs with others.
Is this intentional and expected?
Thanks