Plaintext passwords shown in log

JohnDoee / deluge-client

A very lightweight pure-python Deluge RPC Client

MIT License

87 stars 14 forks source link

Plaintext passwords shown in log #30

Closed scstraus closed 5 years ago

scstraus commented 5 years ago

Currently the client shows plaintext passwords in the log as shown:

Calling reqid 4 method 'daemon.login' with args:('USERNAME', 'PASSWORD') kwargs:{}

Could this be removed or at least made optional?

JohnDoee commented 5 years ago

Sure!

Keep in mind that the password is also in clear-text in the auth file.

scstraus commented 5 years ago

Thanks! I use it within Home Assistant. My auth keys I keep in a secrets file which I don't have to share. But sometimes people ask for logs for debugging, and it's nice to not have to search them top to bottom for passwords.

JohnDoee commented 5 years ago

That's fair

I wonder if it'd be smart to filter other stuff out too or just straight up remove command arguments.

Anyways, the password is gone with 1.7.1, thanks for reporting it!

scstraus commented 5 years ago

Wow thanks for the quick fix! For me, removal of password is enough.