Hiding Passwords in Debug Output

Alan DeKok aland at deployingradius.com
Fri Sep 22 19:58:51 CEST 2006


"Garber, Neal" <Neal.Garber at energyeast.com> wrote:
> I understand that it is sometimes useful to display the plain-text
> password in the debug output; however, I consider this a security
> exposure.  I'd like to see a configuration option (e.g.,
> debug_show_passwords or something similar) with a default of no, that
> when set to false/no would write "********" instead of a plain-text
> password in debug output.

  In one word: No.

  The whole purpose of debugging mode is to print out what the server
is doing.  Hiding information is a guaranteed way to create problems.

  You can also do:

$ radiusd -X | sed 's/password.*/password/g;s/Password.*/Password/g'

  So why hack the server?  Write a wrapper script for your
installation, and call it "secure".

  A slightly different response is:

  a) Why is it a security exposure?  You haven't explained.
     You're really saying that it's a security exposure to show passwords
     to the administrator who has permission to stop and start the server?

  b) If the default is changed to not show the passwords, are *you*
     going to answer umpteen questions on this list about "why does the
     password show up as ***"?

  I am strongly opposed to this kind of "security".  It makes life
difficult for everyone else, and has essentially no security benefit
for you, either.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
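The wrapper-script approach from the mail, worked out as a reusable filter (an added example, not code from the mail or from FreeRADIUS): unlike the one-liner above, which drops everything after the word "password", it blanks only the value of attributes whose name contains "Password", so the operator and the rest of the debug line stay readable. The sample lines are constructed in the style of `radiusd -X` output, not a real capture.

```shell
#!/bin/sh
# Added example, not part of the original mail or of FreeRADIUS.
# Usage as the wrapper script the mail suggests:  radiusd -X | redact_passwords

# redact_passwords: read debug lines on stdin, write them to stdout with the
# value of any "...Password..." attribute replaced by ********.
# Expected line shape:  <name> <operator> <value>, e.g.  User-Password = "x"
# Pass 1 handles double-quoted values, pass 2 unquoted ones (e.g. 0x... octets).
redact_passwords() {
    sed -E \
        -e 's/([A-Za-z0-9-]*[Pp]assword[A-Za-z0-9-]*[[:space:]]+[^[:space:]]+[[:space:]]+)"[^"]*"/\1"********"/g' \
        -e 's/([A-Za-z0-9-]*[Pp]assword[A-Za-z0-9-]*[[:space:]]+[^[:space:]]+[[:space:]]+)[^[:space:]"]+/\1********/g'
}

# sample_debug: constructed lines in the style of "radiusd -X" output
# (not a real capture), used to exercise the filter.
sample_debug() {
    printf '%s\n' \
        '  User-Name = "bob"' \
        '  User-Password = "s3cret"' \
        '  Cleartext-Password := "s3cret"' \
        '  CHAP-Password = 0x0123456789abcdef' \
        '  NAS-IP-Address = 192.0.2.1'
}

# redact_demo: the sample run through the filter; prints the redacted lines.
redact_demo() {
    sample_debug | redact_passwords
}

redact_demo
```

Non-password attributes such as User-Name pass through untouched, which is the point of matching the attribute name rather than blanking whole lines.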


