If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

[mozbot.pl] Mozbot shouldn't log passwords (newuser, auth)

NEW
Unassigned

Status

Webtools
Mozbot
--
major
15 years ago
6 years ago

People

(Reporter: Tobias Burnus, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
While mozbot.pl.cfg contains the passwords in a hash form it logs the /msg
mozbot communication with password.

Result: 
2002-08-23 08:29:15 UTC Told:  <nick> auth burnus foobar
2002-08-23 08:29:15 UTC Authed:  <nick> auth burnus foobar

Expected:
a) Hide the password
  2002-08-23 08:29:15 UTC Told:  <nick> auth burnus <password>
  2002-08-23 08:29:15 UTC Authed:  <nick> auth burnus <password>
b) Don't log these.
not sure how to do this
...or even whether to try.
Summary: Mozbot shouldn't log passwords (newuser, auth) → [mozbot.pl] Mozbot shouldn't log passwords (newuser, auth)
QA Contact: kerz → mozbot

Comment 3

9 years ago
Resetting to new default owner.
Assignee: ian → nobody

Comment 4

9 years ago
Well, if anyone still cares:

after line 1348
chomp $line; # ...and they are probably a constant string!
add

        $line =~s/\s*auth\s+($variablepattern)\s+($variablepattern)/auth $1 <password>/osi;
        $line =~s/\s*password\s+($variablepattern)\s+($variablepattern)(\s+($variablepattern))?\s*/password <oldpassword> <newpassword> <newpassword>/osi;
       	$line =~s/\s*new\s*user\s+($variablepattern)\s+($variablepattern)(\s+($variablepattern))?\s*/newuser $1 <password> <password>/osi;
        $line =~s/password '$variablepattern' and/password '<password>' and/osi;
You need to log in before you can comment on or make changes to this bug.