Open drhirn opened 4 years ago
I was able to reproduce this too, and I talked it over with @snipe and our current thinking is that if you only get it when you're in Debug mode, then it's probably OK.
Can you confirm you were in Debug mode? Because if not - yes, you're absolutely right, this is definitely not something we want to do at all.
Yes, I was in Debug mode. Should have stated this.
Nevertheless, I still think this is a bad idea. Debug mode or not.
Tested again. Doesn't matter if Debug mode or not. The credentials are always in laravel.log.
Yeah, that is very not cool. I don't know how we can tell the library that we're consuming not to do that though. I'll try and figure something out.
While writing an issue about an error while logging in using an LDAP user (#8510), I noticed that I had the username and password of the user in the stack trace and the logfile. Not quite sure if this is a good thing.
#2 /data/vhosts/snipeit/app/Http/Controllers/Auth/LoginController.php(146): App\\Services\\LdapAd->ldapLogin('<user>', '<password>')
Using: