Hiding Passwords in Debug Output
Alan DeKok
aland at deployingradius.com
Fri Sep 22 19:58:51 CEST 2006
"Garber, Neal" <Neal.Garber at energyeast.com> wrote:
> I understand that it is sometimes useful to display the plain-text
> password in the debug output; however, I consider this a security
> exposure. I'd like to see a configuration option (e.g.,
> debug_show_passwords or something similar) with a default of no, that
> when set to false/no would write "********" instead of a plain-text
> password in debug output.
In one word: No.
The whole purpose of debugging mode is to print out what the server
is doing. Hiding information is a guaranteed way to create problems.
You can also do:
$ radiusd -X | sed 's/password.*/password/g;s/Password.*/Password/g'
So why hack the server? Write a wrapper script for your
installation, and call it "secure".
A slightly different response is:
a) Why is it a security exposure? You haven't explained.
You're really saying that it's a security exposure to show passwords
to the administrator who has permission to stop and start the server?
b) If the default is changed to not show the passwords, are *you*
going to answer umpteen questions on this list about "why does the
password show up as ***"?
I am strongly opposed to this kind of "security". It makes life
difficult for everyone else, and has essentially no security benefit
for you, either.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
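As an added example, not part of the original post or of the FreeRADIUS project: the "secure" wrapper the reply suggests, written as a small POSIX shell filter over radiusd -X output. The function names and the sample debug lines are constructed for illustration; the only assumption about radiusd is that it is on PATH.

```shell
#!/bin/sh
# Added example (not from the post or the FreeRADIUS project): the "secure"
# wrapper the reply suggests, done as a filter over radiusd -X output.
# Function names and the sample debug lines below are constructed.

# Mask the value of any attribute whose name contains "password" (any case),
# keeping the indentation, attribute name and operator intact. Lines with no
# such attribute pass through unchanged. Only "Attr op value" lines are
# caught; a password printed in any other form is not touched.
mask_passwords() {
    sed -e 's/\([^ ]*[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd][^ =:]*\)\( *[+:=!-]*= *\).*/\1\2********/'
}

# Run a command with both its stdout and stderr passed through the filter.
# Intended use as the "secure" wrapper (assumes radiusd is on PATH):
#   run_masked radiusd -X
run_masked() {
    "$@" 2>&1 | mask_passwords
}

# Constructed sample of attribute lines in the style of radiusd -X output.
sample_debug() {
    printf '%s\n' \
        '	User-Name = "bob"' \
        '	User-Password = "s3cret"' \
        '	Cleartext-Password := "hunter2"' \
        '	NAS-IP-Address = 192.0.2.1'
}

# Filter the constructed sample; the masked lines are returned on stdout.
demo() {
    sample_debug | mask_passwords
}
```

Unlike the one-line sed in the post, this keeps the operator and masks only the value, and it matches "password" in any case inside the attribute name. It still only catches lines in attribute/operator/value form; anything the server prints another way passes through, which is the kind of gap that makes filtered debug output misleading in exactly the way the reply warns about.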