Steffen Kaiser
2014-Mar-13 15:37 UTC
[Dovecot] Patch & feature request: hide passwords in doveconf -n by default
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, attached patch tries to hide any setting that ends in _password (singular) in the output of doveconf by default. doveconf -n - -> passwords replaced by "<hidden>" to prevent information leak when submitting bug reports doveconf -n -P - -> passwords visible when used by admins locally doveconf -n -P -P - -> setting itself is not shown to even hide that a password is set in the config Warning: doveconf is used by internal programs as well, maybe they won't after the patch. Timo should check out the idea. The passwords are left alone currently, if one queries one setting and if the values are saved to environment. Kind regards, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUyHQ0nD1/YhP6VMHAQIYkwf/aeiT4MMERJr1abZIHPv5zjvgHlyixwfM huFD2CzbhWUoUlE4auAxUVDP+l/s7jlQzZ04y4vt2BdMauMUDSg8ZcFWxSkj+Veg ZDjTVSP/v386ihH0TlGWXsVp1hCvzJUgylpQYbFwCJ3b58xs7p+8wb2l2Ngj/TTp kmtl8mJ2Z5+MBJqz4IBxye7RXkTndHMC18EjVHxNkIIJ8kEUn7tbs0eljudZXSPD q2gsG0PzvGTOUkuWWvWLVP4nTXBKMIffxX2SDNHmb1gHNV05zL8b5uth3PxUA7d6 NpXsnGHxCfOGf3FPbaTlGPfVpIX5IdTxZTRXHe++tDdlonZInM7V/g==73ZJ -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot_conf_hidepwd.diff.bz2 Type: application/octet-stream Size: 1667 bytes Desc: URL: <http://dovecot.org/pipermail/dovecot/attachments/20140313/00ec10c5/attachment.obj>