ownCloud-sync

User password is captured in log file

Bug #1656645 reported by proedie on 2017-01-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ownCloud-sync	New	Undecided	Unassigned

Bug Description

The OwncloudSyncd.log file contains the complete user credentials like this:

void OCC::DiscoveryMainThread::singleDirectoryJobFinishedWithErrorSlot(int, QString) 22 "Error downloading https://USER:PASSWORD@SERVER/remote.php/webdav/Foldername - server replied: Forbidden"

Obfuscation is needed, IMHO.

See original description

Tags:

proedie (proedie) on 2017-01-15

description:

updated

Revision history for this message

Frank Karlitschek (karlitschek) wrote on 2017-01-15:

Hmm. There is also the question why this log entry is logged at all. Please report this bug upstream. github.com/nextcloud/server

Revision history for this message

proedie (proedie) wrote on 2017-02-05:

Frank, wouldn't it make more sense if you reported this bug? After all I am just a humble end user. I have no idea about the libraries this project uses.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.