Closed Jollyfant closed 10 months ago
Then the application has to parse the URI and remove or obfuscate the password. This hasn't been done and maybe it is not even necessary as the interface implementation log already errors. Simply getting rid of those lines or at least the URI in the log should do the trick. Could you propose something and test it on your end?
Yeah probably removing the %s
part of the logging is good. The messages can stay but without information. I will test it and submit a PR for it.
See #115
I will pick the changes next week. They will be part of a bugfix release as 6.0.1 is already out.
Hi, the full database string including password is logged when the
-d
or--database
flag is used. There are various places in the following function this can occur:https://github.com/SeisComP/common/blob/master/libs/seiscomp/client/application.cpp#L1823.
It would probably be better to obfuscate the password like is done in other places.