smfreegard
commented
9 years ago And your reasoning is? It's used for this https://github.com/baudehlo/Haraka/blob/master/plugins/prevent_credential_leaks.js
Feel free to remove it from your own fork.
Closed celesteking closed 9 years ago
smfreegard
commented
9 years ago And your reasoning is? It's used for this https://github.com/baudehlo/Haraka/blob/master/plugins/prevent_credential_leaks.js
Feel free to remove it from your own fork.
celesteking
commented
9 years ago The reasoning is possibility of password sniffing via rogue plugin that interprets user data. But I'm just theorizing.
I'm against this line:
connection.notes.auth_passwd = credentials[1];