schollz / croc

Easily and securely send things from one computer to another :crocodile: :package:
https://schollz.com/software/croc6
MIT License

Mask password in logs #837

Closed gamagoat closed 1 week ago

gamagoat commented 1 week ago

I am opening this PR to illustrate an issue.

Passwords should not be written in plaintext to logs, even in debug mode. By masking the password, we can keep it safer and still provide ourselves a way to confirm the value is what we expect.

Some examples of what this will look like in logs:

password -> appearance in logs

- secretpass -> s***s
- pass123 -> p***3
- 123 -> 1***3
- pw -> pw
- p -> p

A minimum password length of 3 would make this even better.
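An added example, not code from this PR or from croc: the masking rule from the table above, attached to a type so that fmt-based debug logging masks by default. It goes beyond the PR's single masking function; `Secret`, `transferConfig` and the sample values are hypothetical names constructed for illustration.

```go
package main

import (
	"fmt"
	"log"
)

// Mask applies the rule from the PR description: first character, "***",
// last character. Values shorter than 3 characters come back unchanged,
// matching the "pw -> pw" and "p -> p" rows.
func Mask(s string) string {
	r := []rune(s) // index by rune so a multi-byte character is never split
	if len(r) < 3 {
		return s
	}
	return string(r[0]) + "***" + string(r[len(r)-1])
}

// Secret is a hypothetical wrapper type (not part of croc). Declaring a
// password as Secret makes masking the default on every fmt-based log call.
type Secret string

// Format implements fmt.Formatter, so %s, %v, %+v, %#v, %q and even a
// mistaken %d all emit the masked form. A String method alone is not
// enough: fmt skips it when reporting a bad verb and prints the raw value.
func (s Secret) Format(f fmt.State, _ rune) {
	f.Write([]byte(Mask(string(s))))
}

// transferConfig is a constructed stand-in for an options struct that
// carries the password and gets dumped wholesale in a debug line.
type transferConfig struct {
	Relay    string
	Password Secret
}

func main() {
	cfg := transferConfig{Relay: "relay.example:9009", Password: "secretpass"}
	log.Printf("debug: options %+v", cfg)
	log.Printf("debug: password=%s raw-verb=%d", cfg.Password, cfg.Password)
}
```

The masking only applies to exported struct fields and direct arguments; fmt cannot call `Format` on an unexported field, so a password stored in one would still print in plaintext.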

schollz commented 1 week ago

looks good, happy to accept this as a PR, let me know when it's ready to merge

gamagoat commented 1 week ago

> looks good, happy to accept this as a PR, let me know when it's ready to merge

I can remove the TODO comment first if you'd like, otherwise it's ready on my end.

schollz commented 1 week ago

sure