60a7aa40-7ec6-4cf9-8645-78621ac9bad8
commented
2 years ago >>> import xmlrpc.client
>>> xmlrpc.client.ServerProxy('https://login:password@example.com')
<ServerProxy for login:password@example.com/RPC2>Because this repr is included in error messages, this can lead to leaking the password:
>>> xmlrpc.client.ServerProxy('https://login:password@example.com').method()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.7/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.7/xmlrpc/client.py", line 1452, in __request
verbose=self.__verbose
File "/usr/lib/python3.7/xmlrpc/client.py", line 1154, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib/python3.7/xmlrpc/client.py", line 1187, in single_request
dict(resp.getheaders())
xmlrpc.client.ProtocolError: <ProtocolError for login:password@example.com/RPC2: 404 Not Found>
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields: ```python assignee = None closed_at = None created_at =
labels = ['library']
title = 'xmlrpc.client.ServerProxy shows password in __repr__ when using basic authentication'
updated_at =
user = 'https://github.com/perrinjerome'
```
bugs.python.org fields:
```python
activity =
actor = 'perrinjerome'
assignee = 'none'
closed = False
closed_date = None
closer = None
components = ['Library (Lib)']
creation =
creator = 'perrinjerome'
dependencies = []
files = []
hgrepos = []
issue_num = 46840
keywords = []
message_count = 1.0
messages = ['413870']
nosy_count = 1.0
nosy_names = ['perrinjerome']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'open'
superseder = None
type = None
url = 'https://bugs.python.org/issue46840'
versions = []
```
Linked PRs