[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SF.net SVN: ledger-smb:[6536] trunk/LedgerSMB/Auth/DB.pm
- Subject: SF.net SVN: ledger-smb:[6536] trunk/LedgerSMB/Auth/DB.pm
- From: ..hidden..
- Date: Sun, 19 Jan 2014 02:00:02 +0000
Revision: 6536
http://sourceforge.net/p/ledger-smb/code/6536
Author: einhverfr
Date: 2014-01-19 02:00:01 +0000 (Sun, 19 Jan 2014)
Log Message:
-----------
Correcting leakage of credentials from logging debug statements. 1.4 beta only
Modified Paths:
--------------
trunk/LedgerSMB/Auth/DB.pm
Modified: trunk/LedgerSMB/Auth/DB.pm
===================================================================
--- trunk/LedgerSMB/Auth/DB.pm 2014-01-18 23:46:58 UTC (rev 6535)
+++ trunk/LedgerSMB/Auth/DB.pm 2014-01-19 02:00:01 UTC (rev 6536)
@@ -36,16 +36,12 @@
sub get_credentials {
# Handling of HTTP Basic Auth headers
my $auth = $ENV{'HTTP_AUTHORIZATION'};
- print STDERR localtime()." tshvr4 Auth/DB.pm get_credentials auth ".Data::Dumper::Dumper($auth)."\n";
$auth =~ s/Basic //i; # strip out basic authentication preface
$auth = MIME::Base64::decode($auth);
- print STDERR localtime()." tshvr4 Auth/DB.pm get_credentials auth mime ".Data::Dumper::Dumper($auth)."\n";
#tshvr4 2014-01-14 Firefox, after logout on normal application (login.pl) and coming to setup.pl, auth seems to be 'logout:logout', TODO remove Dumper statements
#$auth =~ s/Basic //i; # strip out basic authentication preface
- #print STDERR localtime()." tshvr4 Auth/DB.pm get_credentials auth before mime ".Data::Dumper::Dumper($auth)."\n";
#$auth = MIME::Base64::decode($auth);
- print STDERR localtime()." tshvr4 Auth/DB.pm get_credentials auth decoded ".Data::Dumper::Dumper($auth)."\n";
my $return_value = {};
#$logger->debug("\$auth=$auth");#be aware of passwords in log!
($return_value->{login}, $return_value->{password}) = split(/:/, $auth);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Ledger-smb-commits mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-commits