Tracker: Bugs
Version: DenyHosts 2.6
File:DenyHosts/prefs.py
Function: DenyHosts.prefs.dump_to_logger
Problem: If enabling SMTP authentication for email notification, the deamon
will log password phrase in plaintext while launching.
2008-12-30 19:27:21,861 - prefs : INFO DenyHosts configuration
settings:
.
.
.
2008-12-30 19:27:21,865 - prefs : INFO SMTP_DATE_FORMAT: [%a,
%d %b %Y %H:%M:%S %z]
2008-12-30 19:27:21,865 - prefs : INFO SMTP_FROM: [DenyHosts
<nobody@example.com>]
2008-12-30 19:27:21,865 - prefs : INFO SMTP_HOST:
[smtp.example.com]
2008-12-30 19:27:21,865 - prefs : INFO SMTP_PASSWORD:
[my-secret]
2008-12-30 19:27:21,865 - prefs : INFO SMTP_PORT: [25]
2008-12-30 19:27:21,866 - prefs : INFO SMTP_SUBJECT:
[DenyHosts Report]
2008-12-30 19:27:21,866 - prefs : INFO SMTP_USERNAME:
[myusername]
.
.
.
Workaround: I don't like passwords being logged so i edited
dump_to_logger() in file DenyHosts/prefs.py. This fix checks for settings
key SMTP_PASSWORD and prevents password being logged.
def dump_to_logger(self):
keys = self.__data.keys()
keys.sort()
info("DenyHosts configuration settings:")
for key in keys:
if key == 'USERDEF_FAILED_ENTRY_REGEX':
for rx in self.__data[key]:
info(" %s: [%s]" % (key, rx.pattern))
elif key == 'SMTP_PASSWORD':
info(" %s: [%s]", key, '****')
else:
info(" %s: [%s]", key, self.__data[key])
Nobody/Anonymous
None
None
Public
Comments ( 2 )
|
Date: 2009-04-22 02:20 This Tracker item was closed automatically by the system. It was |
|
Date: 2009-04-07 03:26 Fixed in 2.7 (as soon as it's released, that is) |
Attached File
No Files Currently Attached
Changes ( 6 )
| Field | Old Value | Date | By |
|---|---|---|---|
| status_id | Pending | 2009-04-22 02:20 | sf-robot |
| allow_comments | 1 | 2009-04-22 02:20 | sf-robot |
| close_date | 2009-04-07 03:27 | 2009-04-22 02:20 | sf-robot |
| status_id | Open | 2009-04-07 03:27 | phil_schwartz |
| close_date | - | 2009-04-07 03:27 | phil_schwartz |
| resolution_id | None | 2009-04-07 03:26 | phil_schwartz |
