Subject: The mailing list for listmasters using Sympa
List archive
- From: Peck Chris <address@concealed>
- To: Sympa Users <address@concealed>
- Subject: [sympa-users] Passwords in logfiles
- Date: Mon, 9 Apr 2007 09:29:31 -0400
This is probably worth noting, as, I just happened to notice it while debugging something...
I'm running sympa v5.2.4,
I just noticed that when log_level 2 or higher is configured in sympa.conf, wwsympa logs userids and passwords.
To check, set your log_level to 2, or more, fire up sympa & apache, login & then...
To find passwords for logins:
grep "POST key passwd" sympalogfile
Apr 6 15:15:12 localhost wwsympa[11624]: POST key passwd value MYPASSWORD
To find the email/userids:
grep "POST key email" sympalogfile
Apr 6 15:15:12 localhost wwsympa[11624]: POST key email value MYUSERID or EMAIL
If you use ldap, you can find these easier by:
grep Auth::ldap_authentication sympalog
Apr 6 15:15:12 localhost wwsympa[11624]: Auth::ldap_authentication (MYUSERID,MYPASSWORD,uid_filter)
-chris
-
[sympa-users] Passwords in logfiles,
Peck Chris, 04/09/2007
-
[sympa-users] Re: Passwords in logfiles,
Jeff Abbott, 04/09/2007
- [sympa-users] Re: Re: Passwords in logfiles, David Verdin, 04/10/2007
-
[sympa-users] Re: Passwords in logfiles,
Jeff Abbott, 04/09/2007
Archive powered by MHonArc 2.6.19+.