Hiding Passwords in Debug Output
Alan DeKok
aland at deployingradius.com
Tue Sep 26 17:32:18 CEST 2006
"Garber, Neal" <Neal.Garber at energyeast.com> wrote:
> That's unfair Alan. I was not trying to *dictate* that other admins
> shouldn't see it - I was proposing that admins should have a choice -
> because, IMO it's not needed to troubleshoot most problems.
It's no more unfair than your comment about why don't I see the need
to keep private information secure...
> I could and it would do most of what I wanted. However, it feels like a
> kludge and everyone on my team would need to remember to filter the
> output when running in debug mode.
Huh? Write a wrapper for the server. That's what shell scripts are
for.
> I just think it's safer (from the perspective of admins that don't
> want/need to see the passwords) to have a config. option that forces
> the suppression.
You have access to the source. Make a patch that you apply and
maintain locally. The main disagreement here is that you want the
patch to be applied to the server, for everyone elses "benefit".
As I hope I'm making clear, that won't happen.
> I've asked questions in an attempt to understand your
> point-of-view and you didn't answer them.
I have responded to every issue of substance you raised. I have
explained *my* position in depth, and given you multiple options for
how to achieve your goal without impacting everyone else using the
server.
Insulting me because I disagree with you pretty much guarantees that
I will never agree with you.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list