cinchrb / cinch

The IRC Bot Building Framework
http://www.rubydoc.info/gems/cinch
MIT License

Do not log passwords #194

Closed docwhat closed 8 years ago

docwhat commented 9 years ago

The logging shows the password in glorious plain text... something like:

[2015/04/07 14:05:56.588] << PASS SekretPassWord

It should show ******** or something instead.

moved from jimmycuadra/lita-irc#10

dominikh commented 9 years ago

This will need to be configurable, as there are many ways of transmitting passwords in IRC. There's PASS, there's talking to NickServ, to Q, and a plethora of other services.

Either we allow adding filters for specific targets and keywords, or we allow censoring words in general and you'd censor your password globally.

Also, this would have to be implemented for every logger separately (currently there's the formatted logger, which is the default, and a logger outputting in the Zcbot format), unless we add a separate filter step, which manipulates message objects before they get passed to the actual logger.

docwhat commented 9 years ago

oy-vey!

Just reading through the IRC adapter, it looks like you build a queue with messages... how about the queue holding a simple message object that has a flag that says if it is secret or not? Then enhance send() to be able to set the logging flag and create-and-queue the message?

dominikh commented 9 years ago

I'd very much prefer to keep IRC and logging separate. I also don't want to add a magic boolean flag to #send. I'm pretty sure that I'll go with the filter approach. It's a nice, separate layer, and it's dynamic enough to hide just specific words in messages, if need be, instead of hiding the whole message.

Finally, it allows people to filter messages sent by 3rd party plugins, without having to patch them to use the right argument to #send.
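
The separate filter step discussed in this thread, sketched as an added example that is not part of the thread or Cinch's own code. The class names, the `filter(message, event)` interface and the sample messages are assumptions constructed for illustration. It shows both options raised above (target/keyword filters and global word censoring) applied once before every logger sees the line.

```ruby
# Added example. Class names are hypothetical, not Cinch's API.
# A filter responds to filter(message, event) and returns the text to log,
# or nil to drop the line entirely.
MASK = "********"

# Masks the argument of commands whose payload is a credential.
class CommandFilter
  PATTERNS = [
    /\A(PASS\s+).+\z/i,                                              # server password
    /\A(PRIVMSG\s+(?:NickServ|Q@\S+)\s+:(?:IDENTIFY|AUTH)\s+).+\z/i # services login
  ].freeze

  def filter(message, event)
    return message unless event == :outgoing
    PATTERNS.reduce(message) { |m, re| m.sub(re, "\\1#{MASK}") }
  end
end

# Censors known secrets wherever they appear, including in lines
# produced by third-party plugins.
class WordFilter
  def initialize(*secrets)
    @secrets = secrets.reject(&:empty?) # an empty pattern would match everywhere
  end

  def filter(message, _event)
    @secrets.reduce(message) { |m, s| m.gsub(s, MASK) }
  end
end

# Runs the filter chain once, then hands the result to every logger,
# so no logger needs its own redaction code.
class LoggerList
  attr_reader :filters

  def initialize(*loggers)
    @loggers = loggers
    @filters = []
  end

  def log(message, event)
    filtered = @filters.reduce(message) { |m, f| m && f.filter(m, event) }
    @loggers.each { |l| l.call(filtered, event) } if filtered
    filtered
  end
end

# Constructed sample traffic, sent through two stand-in loggers.
def demo
  formatted = []
  plain = []
  list = LoggerList.new(->(m, e) { formatted << "#{e == :outgoing ? '<<' : '>>'} #{m}" },
                        ->(m, _e) { plain << m })
  list.filters << CommandFilter.new << WordFilter.new("SekretPassWord")
  [["PASS SekretPassWord", :outgoing],
   ["PRIVMSG NickServ :IDENTIFY SekretPassWord", :outgoing],
   ["PRIVMSG #ops :my password is SekretPassWord", :outgoing],
   [":nick!u@h PRIVMSG #ops :hello", :incoming]].each { |m, e| list.log(m, e) }
  [formatted, plain]
end
```

The command filter covers credentials the bot owner never listed explicitly, while the word filter catches a known secret that leaks through an unrelated message.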

ochaochaocha3 commented 9 years ago

:+1: