Suggestion: Don't log password

rienafairefr / pynYNAB

a python client for the new YNAB

MIT License

138 stars 12 forks source link

Suggestion: Don't log password #40

Closed rossdargan closed 7 years ago

rossdargan commented 7 years ago

At the minute the password gets put into the debug log. Might be worth just excluding that field.

rienafairefr commented 7 years ago

I totally agree with that. Ill push a modification soon

rienafairefr commented 7 years ago

To add to that issue, If I think about it, the way the pynynab/scripts commands work, the user is supposed to be providing the password in the command line arguments, which is really bad as I've read it.... But it doesnt concern users of the library who don't use the provided scripts as monzo-ynab does

cc2eba4c11f5bb8ee1289654a73639e55168f562 hides the password in the nYnabConnection logs, do you see somewhere else where this information leaks ?

scottrobertson commented 7 years ago

Looks good to me