From: Matthew S. <yo....@gm...> - 2006-08-27 22:59:57
|
Hi All Another possible security leak is that when displaying fedora error messages, the dump of the soap transaction shows the fedora password. While it's handy to have this information, maybe it's best not to spew this out to the screen unless you are an administrator. To make this modification, you could edit class.fedora_api.php. Find openSoapCall and change the if statement to have Auth::isAdministrator() on the front like this: if (Auth::isAdministrator() && $debug_error && is_array($result) && (isset($result['faultcode']) || $call == 'addDatastream')) { Error_Handler::logError(array(print_r($result,true),Fedora_API::debugInfo($client, true)), __FILE__,__LINE__); } Matt |