Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#20 password recording

open
nobody
None
5
2010-01-05
2010-01-05
Rock
No

there is a slight problem with how the keylogger works.
It logs the admin password when someone logs in.
I fied it temporarily by putting the logs in an encrypted directory, but...
Could you add a feature to remove text from the logfile, such as the admin password?

Discussion

  • nanotube
    nanotube
    2010-01-06

    Hi

    right now the logger just logs everything that comes its way sequentially, and writes it out to the file. it is essentially agnostic of the past, focusing on each incoming event individually.

    if there was some setting where you could input a list of sequences not to log, now every time we have to check if we happen not to have 'tripped' one of the specified sequences, by looking back at previous input.

    furthermore, even if this is implemented, this would break if you arrow-around or backspace while typing in the password, if the minute rolls over and the data line gets written out to disk somewhere in the middle of writing the specified sequence, etc.

    and yet more, this would require you to /input/ your passwords or whatever sequences you don't want logged, and these would now be stored in the .ini file somewhere, but still, stored on disk.

    so in all, it seems to be that implementing this idea would be a lot of work for no gain.

     
  • doubledeuce
    doubledeuce
    2010-01-06

    I don't know exactly what "admin password" you're referring to, but could you not add that process to the 'Applications Not Logged' configuration option?

     
  • Rock
    Rock
    2010-01-06

    Good idea... Could you add that suggestion to the docs? It would make keeping passwords encrypted easy.

     
  • nanotube
    nanotube
    2010-01-06

    hm, guess so. :)

     
  • Rock
    Rock
    2010-01-06

    Thx :)