Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Censor passwords in logs #1092

Closed
caco3 opened this issue Sep 27, 2022 · 4 comments
Closed

Censor passwords in logs #1092

caco3 opened this issue Sep 27, 2022 · 4 comments

Comments

@caco3
Copy link
Collaborator

caco3 commented Sep 27, 2022

We should censor all passwords in the logs (wifi, mqtt, influxdb, ...)
@jomjol
Copy link
Owner

jomjol commented Sep 27, 2022

Why? If you have access to the serial, then you can access the password anyway. I used them frequently for debugging.
You mean because people send us the logfiles and don't delete the passwords?

@friedpa
Copy link

friedpa commented Sep 27, 2022

I think that is the case :o) Look at all the Logs, you have a nice varity of passwords people using currenttly :o)

@caco3
Copy link
Collaborator Author

caco3 commented Sep 27, 2022

People are not aware that there might be confidential information stored in there.
It would be best practice to censor it (or remove that log line at all).

Being in your house and accessing the USB log is not a real issue :)
But abusing the password and use it with our email address on public website is something else!

@jomjol
Copy link
Owner

jomjol commented Sep 28, 2022

Has been solved for the current rolling.
But in the config.ini the password is still inside.

@caco3 caco3 closed this as completed Sep 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@caco3 @jomjol @friedpa