Password is visible in arugments list in debug mode

Issue #17 new
viharm repo owner created an issue

In debug mode, the provided password is visible when listing arguments.

Arguments provided
┌──────────────────────────────────────────────────────────────────────────────┐
│ $ag_DebugOutput                                                              │
└──────────────────────────────────────────────────────────────────────────────┘
array (1) [
    0 => array (4) [
        'ky_UserKeyword' => string (4) "username"
        'ky_UserPassword' => string (8) "secretpassword"
        'ky_UserDomain' => null
        'ky_GroupKeyword' => null
    ]
]

Comments (2)

  1. viharm reporter

    phpKhelper provides a redacting tool which should be used. Especially in this case the key name of the password field is known - `ky_UserPassword'`

    Line 217 should be changed from…

    fn_Debug ( 'Arguments provided' , func_get_args() ) ;
    

    to….

    fn_Debug ( 'Arguments provided' , func_get_args() , 'ky_UserPassword' ) ;
    

  2. Log in to comment