search

metaregistrar / php-epp-client

Object-oriented PHP EPP Client
https://www.metaregistrar.com/docs/
MIT License
210 stars 155 forks source link

New password logged in clear text #174

Closed pfirtelu closed 5 years ago

pfirtelu commented 5 years ago

Hello Just a thought: When enabling log file, and logging in to EPP server, "clID" and "pw" are censored in the log file. But when changing password with $conn->setNewPassword($newpassword); the new password is visible as clear text in log file. Example: `

<login>
  <clID>XXXXXXXXXXXXXXXX</clID>
  <pw>XXXXXXXXXXXXXXXX</pw>
  <newPW>the_password_is_visible_here</newPW>
  <options>
    <version>1.0</version>
    <lang>en</lang>
  </options>
  <svcs>
    ...
  </svcs>
</login>
<clTRID>...</clTRID>

`

metaregistrar commented 5 years ago

Good one! I fixed this in the latest commit.