#20 password recording

[Rock]

there is a slight problem with how the keylogger works.
It logs the admin password when someone logs in.
I fied it temporarily by putting the logs in an encrypted directory, but...
Could you add a feature to remove text from the logfile, such as the admin password?

[nanotube]

Hi

right now the logger just logs everything that comes its way sequentially, and writes it out to the file. it is essentially agnostic of the past, focusing on each incoming event individually.

if there was some setting where you could input a list of sequences not to log, now every time we have to check if we happen not to have 'tripped' one of the specified sequences, by looking back at previous input.

furthermore, even if this is implemented, this would break if you arrow-around or backspace while typing in the password, if the minute rolls over and the data line gets written out to disk somewhere in the middle of writing the specified sequence, etc.

and yet more, this would require you to /input/ your passwords or whatever sequences you don't want logged, and these would now be stored in the .ini file somewhere, but still, stored on disk.

so in all, it seems to be that implementing this idea would be a lot of work for no gain.

[doubledeuce]

I don't know exactly what "admin password" you're referring to, but could you not add that process to the 'Applications Not Logged' configuration option?

[Rock]

Good idea... Could you add that suggestion to the docs? It would make keeping passwords encrypted easy.

[nanotube]

hm, guess so. :)

[Rock]

Thx :)