Comment 3 for bug 1009262

Craig Miskell (3-crjig-7) wrote : Re: [Bug 1009262] Re: User passwords logged when LDAP misconfigured


On 06/06/12 12:55, Richard Mansfield wrote:
> Also discussed publicly at
> https://mahara.org/interaction/forum/topic.php?id=1727 - in that
> thread Nigel seemed to think it wasn't worth the hassle to filter
> them out, but maybe we should have another look.
Good to see it's been noticed before. To add to the discussion, the
particular trouble with the LDAP case is that the password is almost
invariably going to mean something elsewhere than just Mahara (e.g. in
the Catalyst case, a lot of other systems). If it was just the mahara
password, it wouldn't be quite so bad.

Although I suppose an evil administrator could just modify the PHP and
log the passwords elsewhere.

In this specific case, it looks like the password is passed as a
string argument which gets automatically dumped in the stacktrace.
Perhaps a simple solution would be to embed it in an object which gets
passed around, thus hiding it from exposure in stack traces.

--
Craig Miskell
Systems Administrator, Catalyst IT
DDI: +64 4 8020427
==
Some of us here are sysadmins, and network admins, and even Windows
admins. Clubbing baby harp seals would be a socially acceptable step
*up*. -- butting on ARK
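The mechanism Craig describes, and the fix he suggests, shown as an added PHP example (not Mahara code, and not from anyone in this thread). PHP's exception traces render scalar arguments literally but render objects only as `Object(ClassName)`, so wrapping the password in an object keeps it out of `getTraceAsString()` output. The class name `SecretValue` and the two `ldap_bind_as_user*` stand-ins are hypothetical; the example assumes PHP 7.4 or later for typed properties and `__serialize()`.

```php
<?php
// Added illustration for this bug thread, not Mahara's code.
// SecretValue and the ldap_bind_as_user* functions are hypothetical names.

/**
 * Wraps a secret so that exception traces, var_dump() and print_r()
 * show a placeholder instead of the literal value.
 */
final class SecretValue
{
    private string $value;

    public function __construct(string $value)
    {
        $this->value = $value;
    }

    /** The only deliberate way to read the wrapped secret. */
    public function reveal(): string
    {
        return $this->value;
    }

    /** var_dump()/print_r() consult this instead of listing properties. */
    public function __debugInfo(): array
    {
        return ['value' => '[redacted]'];
    }

    /** Accidental string interpolation yields the marker, not the secret. */
    public function __toString(): string
    {
        return '[redacted]';
    }

    /** Refuse to be serialised, e.g. into a session store or a log line. */
    public function __serialize(): array
    {
        throw new LogicException('SecretValue must not be serialised');
    }
}

// Stand-in for an LDAP bind that fails because of a misconfiguration.
function ldap_bind_as_user(string $dn, string $password): void
{
    throw new RuntimeException("bind failed for $dn");
}

// Same failure, but the password travels inside the wrapper object.
function ldap_bind_as_user_safe(string $dn, SecretValue $password): void
{
    // A real implementation would hand $password->reveal() to ldap_bind().
    throw new RuntimeException("bind failed for $dn");
}

// Before: the plain-string argument is reproduced in the trace.
try {
    ldap_bind_as_user('uid=alice,ou=people,dc=example,dc=org', 'hunter2'); // constructed sample
} catch (RuntimeException $e) {
    echo $e->getTraceAsString(), "\n";
    // #0 ...: ldap_bind_as_user('uid=alice,ou=p...', 'hunter2')
}

// After: only the wrapper's type is visible.
try {
    ldap_bind_as_user_safe('uid=alice,ou=people,dc=example,dc=org', new SecretValue('hunter2'));
} catch (RuntimeException $e) {
    echo $e->getTraceAsString(), "\n";
    // #0 ...: ldap_bind_as_user_safe('uid=alice,ou=p...', Object(SecretValue))
}
```

Two caveats for anyone adopting this pattern: `var_export()` and reflection ignore `__debugInfo()`, so a log handler that dumps objects that way still reaches the private property; and on PHP 7.4 and later the `zend.exception_ignore_args` ini setting (On in `php.ini-production`) strips arguments from traces altogether, which is the broader defence against the same class of leak and is worth enabling regardless of how the password is passed.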